Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-5254
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:08.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3524", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-03T00:00:00", descriptions: [ { lang: "en", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-27T19:06:06", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-3524", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3524", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://issues.apache.org/jira/browse/AMQ-6013", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", refsource: "CONFIRM", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5254", datePublished: "2016-01-08T19:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:08.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2015-5254\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-01-08T19:59:00.113\",\"lastModified\":\"2024-11-21T02:32:39.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.\"},{\"lang\":\"es\",\"value\":\"Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B497EBB1-17A4-4FE8-B9FF-B2B53B18C175\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"436F59B9-507A-4B4E-A9F3-022616866151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D6EC30-88DC-4424-BF86-D9C0DA5E191C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82ACD6BA-257F-49D0-8944-0991FB038533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C43FD7A1-FC03-47BC-B6C6-02C0F1466762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7A8D571-2925-4F61-B3F0-8F4A3776F6EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B31CD9-A3BB-427C-A631-2E8168DD1985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B904806-6796-4947-BDF4-EEA5681147E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6075BF1D-AC7C-46E3-A730-4E9A98856520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623530FC-12E9-480B-AFA0-C19FCFFA5D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AADFBF-AC60-4535-892C-BE90BE858172\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC5143E8-B392-4954-9C0D-DD39388B669F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C0A644-8667-4ABD-8BB3-46289DCD3A93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"607B6541-973A-4FF5-8106-A30076CA353C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08310F87-4C45-436F-A707-A22A4ACB1587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4243B47C-26B9-45BE-B66A-F1534D18A265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26258CBF-39D0-45FD-AC6B-3D9840CB88EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532FC7B8-31FD-459C-B757-4D17D4E6ED63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36710BEE-E9B8-4979-BB75-6CEF7836268B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15DF0DF-FDBD-4196-88DE-023CF90AA0D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E1A027B-EDBB-4305-BCE2-5DA862F9A3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA90EA1-64F2-44DD-86A8-E35191C79446\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E7D827D-8180-4605-98CB-03436F916B27\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"}]}]}],\"references\":[{\"url\":\"http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0489.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2035.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2036.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3524\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/08/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/jira/browse/AMQ-6013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0489.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/12/08/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/jira/browse/AMQ-6013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
RHSA-2016:0489
Vulnerability from csaf_redhat
Published
2016-03-22 16:49
Modified
2024-11-22 09:45
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Enterprise release 2.2.9, which fixes several
security issues, several bugs, and introduces feature enhancements, is
now available.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
The following security issue is addressed with this release:
It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)
An update for Jenkins Continuous Integration Server that addresses a
large number of security issues including XSS, CSRF, information
disclosure and code execution have been addressed as well.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)
Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Enterprise release 2.2.9, which fixes several \nsecurity issues, several bugs, and introduces feature enhancements, is \nnow available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nIt was found that ActiveMQ did not safely handle user supplied data \nwhen deserializing objects. A remote attacker could use this flaw to \nexecute arbitrary code with the permissions of the ActiveMQ \napplication. (CVE-2015-5254)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, \nCVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, \nCVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, \nCVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.9, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:0489", url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1111456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1111456", }, { category: "external", summary: "1140816", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1140816", }, { category: "external", summary: "1160934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1160934", }, { category: "external", summary: "1168480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168480", }, { category: "external", summary: "1169690", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169690", }, { category: "external", summary: "1265423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265423", }, { category: "external", summary: "1265811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265811", }, { category: "external", summary: "1279584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279584", }, { category: "external", summary: "1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "1283372", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283372", }, { category: "external", summary: "1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "1294513", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1294513", }, { category: "external", summary: "1299014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299014", }, { category: "external", summary: "1299095", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299095", }, { category: "external", summary: "1302787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1302787", }, { category: "external", summary: "1305688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1305688", }, { category: "external", summary: "1307174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307174", }, { category: "external", summary: "1307175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307175", }, { category: "external", summary: "1308716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308716", }, { category: "external", summary: "1308718", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308718", }, { category: "external", summary: "1308720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308720", }, { category: "external", summary: "1308722", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308722", }, { category: "external", summary: "1308739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308739", }, { category: "external", summary: "1310247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310247", }, { category: "external", summary: "1310266", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310266", }, { category: "external", summary: "1310841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310841", }, { category: "external", summary: "1314535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314535", }, { category: "external", summary: "1314546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314546", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0489.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T09:45:53+00:00", generator: { date: "2024-11-22T09:45:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:0489", initial_release_date: "2016-03-22T16:49:04+00:00", revision_history: [ { date: "2016-03-22T16:49:04+00:00", number: "1", summary: "Initial version", }, { date: "2016-03-22T16:49:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:45:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product: { name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Node 2.2", product: { name: "Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Client 2.2", product: { name: "Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_id: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade@2.2.9-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.src", product: { name: "rhc-0:1.38.6.1-1.el6op.src", product_id: "rhc-0:1.38.6.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "php-0:5.3.3-46.el6_7.1.src", product: { name: "php-0:5.3.3-46.el6_7.1.src", product_id: "php-0:5.3.3-46.el6_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.3.3-46.el6_7.1?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.src", product: { name: "jenkins-0:1.625.3-1.el6op.src", product_id: "jenkins-0:1.625.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-release@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-node@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-yum-validator@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-broker@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.noarch", product: { name: "rhc-0:1.38.6.1-1.el6op.noarch", product_id: "rhc-0:1.38.6.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.noarch", product: { name: "jenkins-0:1.625.3-1.el6op.noarch", product_id: "jenkins-0:1.625.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-intl@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-process@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-fpm@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", }, product_reference: "rhc-0:1.38.6.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", }, product_reference: "rhc-0:1.38.6.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", }, product_reference: "jenkins-0:1.625.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", }, product_reference: "jenkins-0:1.625.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-0:5.3.3-46.el6_7.1.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", }, product_reference: "php-0:5.3.3-46.el6_7.1.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-devel-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-imap-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-intl-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-process-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5317", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282359", }, ], notes: [ { category: "description", text: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5317", }, { category: "external", summary: "RHBZ#1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5317", url: "https://www.cve.org/CVERecord?id=CVE-2015-5317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "exploit_status", date: "2023-05-12T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", }, { cve: "CVE-2015-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282361", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5318", }, { category: "external", summary: "RHBZ#1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5318", url: "https://www.cve.org/CVERecord?id=CVE-2015-5318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", }, { cve: "CVE-2015-5319", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282362", }, ], notes: [ { category: "description", text: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5319", }, { category: "external", summary: "RHBZ#1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5319", url: "https://www.cve.org/CVERecord?id=CVE-2015-5319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", }, { cve: "CVE-2015-5320", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282363", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5320", }, { category: "external", summary: "RHBZ#1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5320", url: "https://www.cve.org/CVERecord?id=CVE-2015-5320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", }, { cve: "CVE-2015-5321", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282364", }, ], notes: [ { category: "description", text: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Information disclosure via sidepanel (SECURITY-192)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5321", }, { category: "external", summary: "RHBZ#1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5321", url: "https://www.cve.org/CVERecord?id=CVE-2015-5321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Information disclosure via sidepanel (SECURITY-192)", }, { cve: "CVE-2015-5322", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282365", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Local file inclusion vulnerability (SECURITY-195)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5322", }, { category: "external", summary: "RHBZ#1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5322", url: "https://www.cve.org/CVERecord?id=CVE-2015-5322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Local file inclusion vulnerability (SECURITY-195)", }, { cve: "CVE-2015-5323", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282366", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: API tokens of other users available to admins (SECURITY-200)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5323", }, { category: "external", summary: "RHBZ#1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5323", url: "https://www.cve.org/CVERecord?id=CVE-2015-5323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: API tokens of other users available to admins (SECURITY-200)", }, { cve: "CVE-2015-5324", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282367", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5324", }, { category: "external", summary: "RHBZ#1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5324", url: "https://www.cve.org/CVERecord?id=CVE-2015-5324", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", }, { cve: "CVE-2015-5325", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282368", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5325", }, { category: "external", summary: "RHBZ#1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5325", url: "https://www.cve.org/CVERecord?id=CVE-2015-5325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", }, { cve: "CVE-2015-5326", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282369", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5326", }, { category: "external", summary: "RHBZ#1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5326", url: "https://www.cve.org/CVERecord?id=CVE-2015-5326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", }, { cve: "CVE-2015-7537", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291795", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7537", }, { category: "external", summary: "RHBZ#1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7537", url: "https://www.cve.org/CVERecord?id=CVE-2015-7537", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", }, { cve: "CVE-2015-7538", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291797", }, ], notes: [ { category: "description", text: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF protection ineffective (SECURITY-233)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7538", }, { category: "external", summary: "RHBZ#1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7538", url: "https://www.cve.org/CVERecord?id=CVE-2015-7538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF protection ineffective (SECURITY-233)", }, { cve: "CVE-2015-7539", discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291798", }, ], notes: [ { category: "description", text: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7539", }, { category: "external", summary: "RHBZ#1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7539", url: "https://www.cve.org/CVERecord?id=CVE-2015-7539", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", }, { cve: "CVE-2015-8103", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282371", }, ], notes: [ { category: "description", text: "The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in 'ysoserial'\".", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8103", }, { category: "external", summary: "RHBZ#1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8103", url: "https://www.cve.org/CVERecord?id=CVE-2015-8103", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", }, ], }
rhsa-2016_0489
Vulnerability from csaf_redhat
Published
2016-03-22 16:49
Modified
2024-11-22 09:45
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Enterprise release 2.2.9, which fixes several
security issues, several bugs, and introduces feature enhancements, is
now available.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
The following security issue is addressed with this release:
It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)
An update for Jenkins Continuous Integration Server that addresses a
large number of security issues including XSS, CSRF, information
disclosure and code execution have been addressed as well.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)
Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Enterprise release 2.2.9, which fixes several \nsecurity issues, several bugs, and introduces feature enhancements, is \nnow available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nIt was found that ActiveMQ did not safely handle user supplied data \nwhen deserializing objects. A remote attacker could use this flaw to \nexecute arbitrary code with the permissions of the ActiveMQ \napplication. (CVE-2015-5254)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, \nCVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, \nCVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, \nCVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.9, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:0489", url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1111456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1111456", }, { category: "external", summary: "1140816", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1140816", }, { category: "external", summary: "1160934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1160934", }, { category: "external", summary: "1168480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168480", }, { category: "external", summary: "1169690", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169690", }, { category: "external", summary: "1265423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265423", }, { category: "external", summary: "1265811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265811", }, { category: "external", summary: "1279584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279584", }, { category: "external", summary: "1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "1283372", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283372", }, { category: "external", summary: "1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "1294513", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1294513", }, { category: "external", summary: "1299014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299014", }, { category: "external", summary: "1299095", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299095", }, { category: "external", summary: "1302787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1302787", }, { category: "external", summary: "1305688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1305688", }, { category: "external", summary: "1307174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307174", }, { category: "external", summary: "1307175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307175", }, { category: "external", summary: "1308716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308716", }, { category: "external", summary: "1308718", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308718", }, { category: "external", summary: "1308720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308720", }, { category: "external", summary: "1308722", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308722", }, { category: "external", summary: "1308739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308739", }, { category: "external", summary: "1310247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310247", }, { category: "external", summary: "1310266", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310266", }, { category: "external", summary: "1310841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310841", }, { category: "external", summary: "1314535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314535", }, { category: "external", summary: "1314546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314546", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0489.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T09:45:53+00:00", generator: { date: "2024-11-22T09:45:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:0489", initial_release_date: "2016-03-22T16:49:04+00:00", revision_history: [ { date: "2016-03-22T16:49:04+00:00", number: "1", summary: "Initial version", }, { date: "2016-03-22T16:49:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:45:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product: { name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Node 2.2", product: { name: "Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Client 2.2", product: { name: "Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_id: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade@2.2.9-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.src", product: { name: "rhc-0:1.38.6.1-1.el6op.src", product_id: "rhc-0:1.38.6.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "php-0:5.3.3-46.el6_7.1.src", product: { name: "php-0:5.3.3-46.el6_7.1.src", product_id: "php-0:5.3.3-46.el6_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.3.3-46.el6_7.1?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.src", product: { name: "jenkins-0:1.625.3-1.el6op.src", product_id: "jenkins-0:1.625.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-release@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-node@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-yum-validator@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-broker@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.noarch", product: { name: "rhc-0:1.38.6.1-1.el6op.noarch", product_id: "rhc-0:1.38.6.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.noarch", product: { name: "jenkins-0:1.625.3-1.el6op.noarch", product_id: "jenkins-0:1.625.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-intl@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-process@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-fpm@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", }, product_reference: "rhc-0:1.38.6.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", }, product_reference: "rhc-0:1.38.6.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", }, product_reference: "jenkins-0:1.625.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", }, product_reference: "jenkins-0:1.625.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-0:5.3.3-46.el6_7.1.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", }, product_reference: "php-0:5.3.3-46.el6_7.1.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-devel-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-imap-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-intl-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-process-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5317", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282359", }, ], notes: [ { category: "description", text: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5317", }, { category: "external", summary: "RHBZ#1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5317", url: "https://www.cve.org/CVERecord?id=CVE-2015-5317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "exploit_status", date: "2023-05-12T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", }, { cve: "CVE-2015-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282361", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5318", }, { category: "external", summary: "RHBZ#1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5318", url: "https://www.cve.org/CVERecord?id=CVE-2015-5318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", }, { cve: "CVE-2015-5319", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282362", }, ], notes: [ { category: "description", text: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5319", }, { category: "external", summary: "RHBZ#1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5319", url: "https://www.cve.org/CVERecord?id=CVE-2015-5319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", }, { cve: "CVE-2015-5320", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282363", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5320", }, { category: "external", summary: "RHBZ#1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5320", url: "https://www.cve.org/CVERecord?id=CVE-2015-5320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", }, { cve: "CVE-2015-5321", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282364", }, ], notes: [ { category: "description", text: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Information disclosure via sidepanel (SECURITY-192)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5321", }, { category: "external", summary: "RHBZ#1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5321", url: "https://www.cve.org/CVERecord?id=CVE-2015-5321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Information disclosure via sidepanel (SECURITY-192)", }, { cve: "CVE-2015-5322", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282365", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Local file inclusion vulnerability (SECURITY-195)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5322", }, { category: "external", summary: "RHBZ#1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5322", url: "https://www.cve.org/CVERecord?id=CVE-2015-5322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Local file inclusion vulnerability (SECURITY-195)", }, { cve: "CVE-2015-5323", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282366", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: API tokens of other users available to admins (SECURITY-200)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5323", }, { category: "external", summary: "RHBZ#1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5323", url: "https://www.cve.org/CVERecord?id=CVE-2015-5323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: API tokens of other users available to admins (SECURITY-200)", }, { cve: "CVE-2015-5324", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282367", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5324", }, { category: "external", summary: "RHBZ#1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5324", url: "https://www.cve.org/CVERecord?id=CVE-2015-5324", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", }, { cve: "CVE-2015-5325", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282368", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5325", }, { category: "external", summary: "RHBZ#1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5325", url: "https://www.cve.org/CVERecord?id=CVE-2015-5325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", }, { cve: "CVE-2015-5326", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282369", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5326", }, { category: "external", summary: "RHBZ#1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5326", url: "https://www.cve.org/CVERecord?id=CVE-2015-5326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", }, { cve: "CVE-2015-7537", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291795", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7537", }, { category: "external", summary: "RHBZ#1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7537", url: "https://www.cve.org/CVERecord?id=CVE-2015-7537", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", }, { cve: "CVE-2015-7538", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291797", }, ], notes: [ { category: "description", text: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF protection ineffective (SECURITY-233)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7538", }, { category: "external", summary: "RHBZ#1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7538", url: "https://www.cve.org/CVERecord?id=CVE-2015-7538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF protection ineffective (SECURITY-233)", }, { cve: "CVE-2015-7539", discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291798", }, ], notes: [ { category: "description", text: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7539", }, { category: "external", summary: "RHBZ#1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7539", url: "https://www.cve.org/CVERecord?id=CVE-2015-7539", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", }, { cve: "CVE-2015-8103", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282371", }, ], notes: [ { category: "description", text: "The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in 'ysoserial'\".", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8103", }, { category: "external", summary: "RHBZ#1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8103", url: "https://www.cve.org/CVERecord?id=CVE-2015-8103", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", }, ], }
rhsa-2016:2036
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-11-22 10:24
Summary
Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update
Notes
Topic
Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
Red Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.\n\nRed Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2036", url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2036.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update", tracking: { current_release_date: "2024-11-22T10:24:24+00:00", generator: { date: "2024-11-22T10:24:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:2036", initial_release_date: "2016-10-06T16:18:02+00:00", revision_history: [ { date: "2016-10-06T16:18:02+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:40:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:24:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { cve: "CVE-2016-3088", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2016-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1339318", }, ], notes: [ { category: "description", text: "The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.", title: "Vulnerability description", }, { category: "summary", text: "activemq: Fileserver web application vulnerability allowing RCE", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss A-MQ 6.3 , Red Hat JBoss Fuse 6.3, and Red Hat JBoss Fuse Service Works 6.0.0 do not provide the vulnerable component and are not affected by this flaw. Red Hat JBoss A-MQ 6.2.1 and Red Hat JBoss Fuse 6.2.1 disable the vulnerable component and as such are not vulnerable to this flaw. The fileserver component was first disabled in A-MQ 6.2.0 and Fuse 6.2.0. Users of older, unsupported versions of these products are strongly advised to observe the mitigation provided on this page.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-3088", }, { category: "external", summary: "RHBZ#1339318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1339318", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-3088", url: "https://www.cve.org/CVERecord?id=CVE-2016-3088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-05-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver web application SHOULD NOT be used in older version of the broker and it should be disabled (it has been disabled by default since 5.12.0). This can be done by removing (commenting out) the following lines from conf\\jetty.xml file\n\n<bean class=\"org.eclipse.jetty.webapp.WebAppContext\">\n <property name=\"contextPath\" value=\"/fileserver\" />\n <property name=\"resourceBase\" value=\"${activemq.home}/webapps/fileserver\" />\n <property name=\"logUrlOnStart\" value=\"true\" />\n <property name=\"parentLoaderPriority\" value=\"true\" />\n</bean>", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-02-10T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "activemq: Fileserver web application vulnerability allowing RCE", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
rhsa-2016:2035
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-12-29 18:16
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update
Notes
Topic
Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)
It was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.\n\nRed Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)\n\nA deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)\n\nIt was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nThe CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2035", url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2035.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update", tracking: { current_release_date: "2024-12-29T18:16:31+00:00", generator: { date: "2024-12-29T18:16:31+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2016:2035", initial_release_date: "2016-10-06T16:18:07+00:00", revision_history: [ { date: "2016-10-06T16:18:07+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:38:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-29T18:16:31+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5344", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-01-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1303609", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "camel-xstream: Java object de-serialization vulnerability leads to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5344", }, { category: "external", summary: "RHBZ#1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5344", url: "https://www.cve.org/CVERecord?id=CVE-2015-5344", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", }, ], release_date: "2015-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "MULTIPLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:M/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-xstream: Java object de-serialization vulnerability leads to RCE", }, { cve: "CVE-2015-5348", discovery_date: "2015-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1292849", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability. If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatically de-serialize HTTP requests that uses the content-header: application/x-java-serialized-object.", title: "Vulnerability description", }, { category: "summary", text: "Camel: Java object deserialisation in Jetty/Servlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5348", }, { category: "external", summary: "RHBZ#1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5348", url: "https://www.cve.org/CVERecord?id=CVE-2015-5348", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", }, ], release_date: "2015-12-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Camel: Java object deserialisation in Jetty/Servlet", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { acknowledgments: [ { names: [ "Dennis Reed", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-2141", discovery_date: "2015-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1313589", }, ], notes: [ { category: "description", text: "It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authorization bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2141", }, { category: "external", summary: "RHBZ#1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2141", url: "https://www.cve.org/CVERecord?id=CVE-2016-2141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", }, ], release_date: "2016-06-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "Please refer to https://access.redhat.com/articles/2360521 for more information.", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "JGroups: Authorization bypass", }, { cve: "CVE-2016-2510", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1310647", }, ], notes: [ { category: "description", text: "A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.", title: "Vulnerability description", }, { category: "summary", text: "bsh2: remote code execution via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2510", }, { category: "external", summary: "RHBZ#1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2510", url: "https://www.cve.org/CVERecord?id=CVE-2016-2510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", }, { category: "external", summary: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", url: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bsh2: remote code execution via deserialization", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
RHSA-2016:2035
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-12-29 18:16
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update
Notes
Topic
Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)
It was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.\n\nRed Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)\n\nA deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)\n\nIt was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nThe CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2035", url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2035.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update", tracking: { current_release_date: "2024-12-29T18:16:31+00:00", generator: { date: "2024-12-29T18:16:31+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2016:2035", initial_release_date: "2016-10-06T16:18:07+00:00", revision_history: [ { date: "2016-10-06T16:18:07+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:38:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-29T18:16:31+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5344", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-01-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1303609", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "camel-xstream: Java object de-serialization vulnerability leads to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5344", }, { category: "external", summary: "RHBZ#1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5344", url: "https://www.cve.org/CVERecord?id=CVE-2015-5344", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", }, ], release_date: "2015-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "MULTIPLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:M/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-xstream: Java object de-serialization vulnerability leads to RCE", }, { cve: "CVE-2015-5348", discovery_date: "2015-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1292849", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability. If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatically de-serialize HTTP requests that uses the content-header: application/x-java-serialized-object.", title: "Vulnerability description", }, { category: "summary", text: "Camel: Java object deserialisation in Jetty/Servlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5348", }, { category: "external", summary: "RHBZ#1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5348", url: "https://www.cve.org/CVERecord?id=CVE-2015-5348", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", }, ], release_date: "2015-12-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Camel: Java object deserialisation in Jetty/Servlet", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { acknowledgments: [ { names: [ "Dennis Reed", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-2141", discovery_date: "2015-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1313589", }, ], notes: [ { category: "description", text: "It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authorization bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2141", }, { category: "external", summary: "RHBZ#1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2141", url: "https://www.cve.org/CVERecord?id=CVE-2016-2141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", }, ], release_date: "2016-06-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "Please refer to https://access.redhat.com/articles/2360521 for more information.", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "JGroups: Authorization bypass", }, { cve: "CVE-2016-2510", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1310647", }, ], notes: [ { category: "description", text: "A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.", title: "Vulnerability description", }, { category: "summary", text: "bsh2: remote code execution via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2510", }, { category: "external", summary: "RHBZ#1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2510", url: "https://www.cve.org/CVERecord?id=CVE-2016-2510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", }, { category: "external", summary: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", url: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bsh2: remote code execution via deserialization", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
rhsa-2016_2035
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-12-29 18:16
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update
Notes
Topic
Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)
It was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.\n\nRed Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141)\n\nA deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library. (CVE-2016-2510)\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks. (CVE-2015-5344)\n\nIt was found that Apache Camel's Jetty/Servlet permitted object deserialization. If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically deserialize HTTP requests that use the content-header: application/x-java-serialized-object. An attacker could use this vulnerability to gain access to unauthorized information or conduct further attacks. (CVE-2015-5348)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nThe CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat).\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2035", url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2035.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update", tracking: { current_release_date: "2024-12-29T18:16:31+00:00", generator: { date: "2024-12-29T18:16:31+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.4", }, }, id: "RHSA-2016:2035", initial_release_date: "2016-10-06T16:18:07+00:00", revision_history: [ { date: "2016-10-06T16:18:07+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:38:22+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-29T18:16:31+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Fuse 6.3", product: { name: "Red Hat JBoss Fuse 6.3", product_id: "Red Hat JBoss Fuse 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5344", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-01-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1303609", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "camel-xstream: Java object de-serialization vulnerability leads to RCE", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5344", }, { category: "external", summary: "RHBZ#1303609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1303609", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5344", url: "https://www.cve.org/CVERecord?id=CVE-2015-5344", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5344", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803000&api=v2", }, ], release_date: "2015-11-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "MULTIPLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:M/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-xstream: Java object de-serialization vulnerability leads to RCE", }, { cve: "CVE-2015-5348", discovery_date: "2015-12-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1292849", }, ], notes: [ { category: "description", text: "It was found that Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability. If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatically de-serialize HTTP requests that uses the content-header: application/x-java-serialized-object.", title: "Vulnerability description", }, { category: "summary", text: "Camel: Java object deserialisation in Jetty/Servlet", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5348", }, { category: "external", summary: "RHBZ#1292849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1292849", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5348", url: "https://www.cve.org/CVERecord?id=CVE-2015-5348", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5348", }, { category: "external", summary: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", url: "https://camel.apache.org/security-advisories.data/CVE-2015-5348.txt", }, ], release_date: "2015-12-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Camel: Java object deserialisation in Jetty/Servlet", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { acknowledgments: [ { names: [ "Dennis Reed", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2016-2141", discovery_date: "2015-11-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1313589", }, ], notes: [ { category: "description", text: "It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.", title: "Vulnerability description", }, { category: "summary", text: "JGroups: Authorization bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2141", }, { category: "external", summary: "RHBZ#1313589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1313589", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2141", url: "https://www.cve.org/CVERecord?id=CVE-2016-2141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2141", }, ], release_date: "2016-06-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, { category: "workaround", details: "Please refer to https://access.redhat.com/articles/2360521 for more information.", product_ids: [ "Red Hat JBoss Fuse 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "JGroups: Authorization bypass", }, { cve: "CVE-2016-2510", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2016-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1310647", }, ], notes: [ { category: "description", text: "A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.", title: "Vulnerability description", }, { category: "summary", text: "bsh2: remote code execution via deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2510", }, { category: "external", summary: "RHBZ#1310647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310647", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2510", url: "https://www.cve.org/CVERecord?id=CVE-2016-2510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2510", }, { category: "external", summary: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", url: "https://github.com/beanshell/beanshell/releases/tag/2.0b6", }, ], release_date: "2016-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "bsh2: remote code execution via deserialization", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Fuse 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:07+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss Fuse 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2035", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss Fuse 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
rhsa-2016:0489
Vulnerability from csaf_redhat
Published
2016-03-22 16:49
Modified
2024-11-22 09:45
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
Notes
Topic
Red Hat OpenShift Enterprise release 2.2.9, which fixes several
security issues, several bugs, and introduces feature enhancements, is
now available.
Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
The following security issue is addressed with this release:
It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)
An update for Jenkins Continuous Integration Server that addresses a
large number of security issues including XSS, CSRF, information
disclosure and code execution have been addressed as well.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)
Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Enterprise release 2.2.9, which fixes several \nsecurity issues, several bugs, and introduces feature enhancements, is \nnow available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nIt was found that ActiveMQ did not safely handle user supplied data \nwhen deserializing objects. A remote attacker could use this flaw to \nexecute arbitrary code with the permissions of the ActiveMQ \napplication. (CVE-2015-5254)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, \nCVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, \nCVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, \nCVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.9, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:0489", url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1111456", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1111456", }, { category: "external", summary: "1140816", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1140816", }, { category: "external", summary: "1160934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1160934", }, { category: "external", summary: "1168480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1168480", }, { category: "external", summary: "1169690", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1169690", }, { category: "external", summary: "1265423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265423", }, { category: "external", summary: "1265811", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1265811", }, { category: "external", summary: "1279584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279584", }, { category: "external", summary: "1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "1283372", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1283372", }, { category: "external", summary: "1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "1294513", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1294513", }, { category: "external", summary: "1299014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299014", }, { category: "external", summary: "1299095", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1299095", }, { category: "external", summary: "1302787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1302787", }, { category: "external", summary: "1305688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1305688", }, { category: "external", summary: "1307174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307174", }, { category: "external", summary: "1307175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1307175", }, { category: "external", summary: "1308716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308716", }, { category: "external", summary: "1308718", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308718", }, { category: "external", summary: "1308720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308720", }, { category: "external", summary: "1308722", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308722", }, { category: "external", summary: "1308739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1308739", }, { category: "external", summary: "1310247", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310247", }, { category: "external", summary: "1310266", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310266", }, { category: "external", summary: "1310841", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310841", }, { category: "external", summary: "1314535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314535", }, { category: "external", summary: "1314546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1314546", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0489.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update", tracking: { current_release_date: "2024-11-22T09:45:53+00:00", generator: { date: "2024-11-22T09:45:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:0489", initial_release_date: "2016-03-22T16:49:04+00:00", revision_history: [ { date: "2016-03-22T16:49:04+00:00", number: "1", summary: "Initial version", }, { date: "2016-03-22T16:49:04+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T09:45:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product: { name: "Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Node 2.2", product: { name: "Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, { category: "product_name", name: "Red Hat OpenShift Enterprise Client 2.2", product: { name: "Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:2.0::el6", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_id: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade@2.2.9-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.src", product: { name: "rhc-0:1.38.6.1-1.el6op.src", product_id: "rhc-0:1.38.6.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "php-0:5.3.3-46.el6_7.1.src", product: { name: "php-0:5.3.3-46.el6_7.1.src", product_id: "php-0:5.3.3-46.el6_7.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/php@5.3.3-46.el6_7.1?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=src", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=src", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.src", product: { name: "jenkins-0:1.625.3-1.el6op.src", product_id: "jenkins-0:1.625.3-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=src", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-release@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-node@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-yum-validator@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_id: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-enterprise-upgrade-broker@2.2.9-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_id: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rhc-0:1.38.6.1-1.el6op.noarch", product: { name: "rhc-0:1.38.6.1-1.el6op.noarch", product_id: "rhc-0:1.38.6.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_id: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_id: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_id: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_id: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_id: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_id: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-0:1.625.3-1.el6op.noarch", product: { name: "jenkins-0:1.625.3-1.el6op.noarch", product_id: "jenkins-0:1.625.3-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=noarch", }, }, }, { category: "product_version", name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_id: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-intl-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-intl@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-process-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-process@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-fpm@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-devel-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-devel@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-bcmath@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-debuginfo@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-imap-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-imap@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_id: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/php-mbstring@5.3.3-46.el6_7.1?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, { category: "product_version", name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_id: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", }, product_reference: "rhc-0:1.38.6.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "rhc-0:1.38.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2", product_id: "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", }, product_reference: "rhc-0:1.38.6.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-CLIENT-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", }, product_reference: "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2", product_id: "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-INFRA-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", }, product_reference: "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", }, product_reference: "jenkins-0:1.625.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:1.625.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", }, product_reference: "jenkins-0:1.625.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-release-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", }, product_reference: "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", }, product_reference: "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", }, product_reference: "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", }, product_reference: "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", }, product_reference: "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", }, product_reference: "openshift-origin-node-util-0:1.38.6.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-0:5.3.3-46.el6_7.1.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", }, product_reference: "php-0:5.3.3-46.el6_7.1.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-bcmath-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-devel-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-devel-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-fpm-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-fpm-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-imap-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-imap-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-intl-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-intl-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-mbstring-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "php-process-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", }, product_reference: "php-process-0:5.3.3-46.el6_7.1.x86_64", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", }, product_reference: "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", }, product_reference: "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, { category: "default_component_of", full_product_name: { name: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2", product_id: "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", }, product_reference: "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", relates_to_product_reference: "6Server-RHOSE-NODE-2.2", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-5317", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282359", }, ], notes: [ { category: "description", text: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5317", }, { category: "external", summary: "RHBZ#1282359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282359", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5317", url: "https://www.cve.org/CVERecord?id=CVE-2015-5317", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5317", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "exploit_status", date: "2023-05-12T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Low", }, ], title: "jenkins: Project name disclosure via fingerprints (SECURITY-153)", }, { cve: "CVE-2015-5318", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282361", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5318", }, { category: "external", summary: "RHBZ#1282361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282361", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5318", url: "https://www.cve.org/CVERecord?id=CVE-2015-5318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5318", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Public value used for CSRF protection salt (SECURITY-169)", }, { cve: "CVE-2015-5319", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282362", }, ], notes: [ { category: "description", text: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5319", }, { category: "external", summary: "RHBZ#1282362", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282362", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5319", url: "https://www.cve.org/CVERecord?id=CVE-2015-5319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5319", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: XXE injection into job configurations via CLI (SECURITY-173)", }, { cve: "CVE-2015-5320", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282363", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5320", }, { category: "external", summary: "RHBZ#1282363", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282363", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5320", url: "https://www.cve.org/CVERecord?id=CVE-2015-5320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5320", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Secret key not verified when connecting a slave (SECURITY-184)", }, { cve: "CVE-2015-5321", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282364", }, ], notes: [ { category: "description", text: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Information disclosure via sidepanel (SECURITY-192)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5321", }, { category: "external", summary: "RHBZ#1282364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5321", url: "https://www.cve.org/CVERecord?id=CVE-2015-5321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5321", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Information disclosure via sidepanel (SECURITY-192)", }, { cve: "CVE-2015-5322", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282365", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Local file inclusion vulnerability (SECURITY-195)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5322", }, { category: "external", summary: "RHBZ#1282365", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282365", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5322", url: "https://www.cve.org/CVERecord?id=CVE-2015-5322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5322", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Local file inclusion vulnerability (SECURITY-195)", }, { cve: "CVE-2015-5323", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282366", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: API tokens of other users available to admins (SECURITY-200)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5323", }, { category: "external", summary: "RHBZ#1282366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282366", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5323", url: "https://www.cve.org/CVERecord?id=CVE-2015-5323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5323", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: API tokens of other users available to admins (SECURITY-200)", }, { cve: "CVE-2015-5324", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282367", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5324", }, { category: "external", summary: "RHBZ#1282367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282367", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5324", url: "https://www.cve.org/CVERecord?id=CVE-2015-5324", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5324", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Queue API did show items not visible to the current user (SECURITY-186)", }, { cve: "CVE-2015-5325", discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282368", }, ], notes: [ { category: "description", text: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5325", }, { category: "external", summary: "RHBZ#1282368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5325", url: "https://www.cve.org/CVERecord?id=CVE-2015-5325", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5325", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)", }, { cve: "CVE-2015-5326", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282369", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5326", }, { category: "external", summary: "RHBZ#1282369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5326", url: "https://www.cve.org/CVERecord?id=CVE-2015-5326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5326", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)", }, { cve: "CVE-2015-7537", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291795", }, ], notes: [ { category: "description", text: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7537", }, { category: "external", summary: "RHBZ#1291795", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291795", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7537", url: "https://www.cve.org/CVERecord?id=CVE-2015-7537", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7537", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)", }, { cve: "CVE-2015-7538", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291797", }, ], notes: [ { category: "description", text: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: CSRF protection ineffective (SECURITY-233)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7538", }, { category: "external", summary: "RHBZ#1291797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291797", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7538", url: "https://www.cve.org/CVERecord?id=CVE-2015-7538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7538", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: CSRF protection ineffective (SECURITY-233)", }, { cve: "CVE-2015-7539", discovery_date: "2015-12-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291798", }, ], notes: [ { category: "description", text: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7539", }, { category: "external", summary: "RHBZ#1291798", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291798", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7539", url: "https://www.cve.org/CVERecord?id=CVE-2015-7539", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7539", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], release_date: "2015-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)", }, { cve: "CVE-2015-8103", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-11-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1282371", }, ], notes: [ { category: "description", text: "The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in 'ysoserial'\".", title: "Vulnerability description", }, { category: "summary", text: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-8103", }, { category: "external", summary: "RHBZ#1282371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-8103", url: "https://www.cve.org/CVERecord?id=CVE-2015-8103", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8103", }, { category: "external", summary: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], release_date: "2015-11-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-03-22T16:49:04+00:00", details: "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:0489", }, { category: "workaround", details: "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli", product_ids: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch", "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch", "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src", "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src", "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch", "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)", }, ], }
RHSA-2016:2036
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-11-22 10:24
Summary
Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update
Notes
Topic
Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
Red Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.\n\nRed Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2036", url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2036.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update", tracking: { current_release_date: "2024-11-22T10:24:24+00:00", generator: { date: "2024-11-22T10:24:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:2036", initial_release_date: "2016-10-06T16:18:02+00:00", revision_history: [ { date: "2016-10-06T16:18:02+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:40:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:24:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { cve: "CVE-2016-3088", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2016-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1339318", }, ], notes: [ { category: "description", text: "The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.", title: "Vulnerability description", }, { category: "summary", text: "activemq: Fileserver web application vulnerability allowing RCE", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss A-MQ 6.3 , Red Hat JBoss Fuse 6.3, and Red Hat JBoss Fuse Service Works 6.0.0 do not provide the vulnerable component and are not affected by this flaw. Red Hat JBoss A-MQ 6.2.1 and Red Hat JBoss Fuse 6.2.1 disable the vulnerable component and as such are not vulnerable to this flaw. The fileserver component was first disabled in A-MQ 6.2.0 and Fuse 6.2.0. Users of older, unsupported versions of these products are strongly advised to observe the mitigation provided on this page.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-3088", }, { category: "external", summary: "RHBZ#1339318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1339318", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-3088", url: "https://www.cve.org/CVERecord?id=CVE-2016-3088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-05-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver web application SHOULD NOT be used in older version of the broker and it should be disabled (it has been disabled by default since 5.12.0). This can be done by removing (commenting out) the following lines from conf\\jetty.xml file\n\n<bean class=\"org.eclipse.jetty.webapp.WebAppContext\">\n <property name=\"contextPath\" value=\"/fileserver\" />\n <property name=\"resourceBase\" value=\"${activemq.home}/webapps/fileserver\" />\n <property name=\"logUrlOnStart\" value=\"true\" />\n <property name=\"parentLoaderPriority\" value=\"true\" />\n</bean>", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-02-10T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "activemq: Fileserver web application vulnerability allowing RCE", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
rhsa-2016_2036
Vulnerability from csaf_redhat
Published
2016-10-06 16:18
Modified
2024-11-22 10:24
Summary
Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update
Notes
Topic
Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
Red Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.
Security Fix(es):
It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)
It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)
Refer to the Product Documentation link in the References section for installation instructions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss A-MQ 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.\n\nRed Hat JBoss A-MQ 6.3 is a minor product release that updates Red Hat JBoss A-MQ 6.2.1, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the Product Documentation link in the References section, for a list of these changes.\n\nSecurity Fix(es):\n\nIt was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content. (CVE-2016-4437)\n\nA denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. (CVE-2015-3192)\n\nIt was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries. (CVE-2015-7940)\n\nRefer to the Product Documentation link in the References section for installation instructions.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2016:2036", url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.3.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", url: "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/?version=6.3", }, { category: "external", summary: "1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2036.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss A-MQ 6.3 security update", tracking: { current_release_date: "2024-11-22T10:24:24+00:00", generator: { date: "2024-11-22T10:24:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2016:2036", initial_release_date: "2016-10-06T16:18:02+00:00", revision_history: [ { date: "2016-10-06T16:18:02+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:40:10+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T10:24:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.3", product: { name: "Red Hat JBoss A-MQ 6.3", product_id: "Red Hat JBoss A-MQ 6.3", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.3", }, }, }, ], category: "product_family", name: "Red Hat JBoss AMQ", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2015-3192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2015-06-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1239002", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.", title: "Vulnerability description", }, { category: "summary", text: "Framework: denial-of-service attack with XML input", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-3192", }, { category: "external", summary: "RHBZ#1239002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1239002", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-3192", url: "https://www.cve.org/CVERecord?id=CVE-2015-3192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-3192", }, { category: "external", summary: "http://pivotal.io/security/cve-2015-3192", url: "http://pivotal.io/security/cve-2015-3192", }, ], release_date: "2015-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: denial-of-service attack with XML input", }, { cve: "CVE-2015-5254", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2015-12-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1291292", }, ], notes: [ { category: "description", text: "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", title: "Vulnerability description", }, { category: "summary", text: "ObjectMessage: unsafe deserialization", title: "Vulnerability summary", }, { category: "other", text: "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-5254", }, { category: "external", summary: "RHBZ#1291292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291292", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-5254", url: "https://www.cve.org/CVERecord?id=CVE-2015-5254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, ], release_date: "2015-12-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "If you do deploy a JMS publisher, and subscriber, and don't trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ObjectMessage: unsafe deserialization", }, { cve: "CVE-2015-7940", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2015-10-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1276272", }, ], notes: [ { category: "description", text: "It was found that bouncycastle is vulnerable to an invalid curve attack. An attacker could extract private keys used in elliptic curve cryptography with a few thousand queries.", title: "Vulnerability description", }, { category: "summary", text: "bouncycastle: Invalid curve attack allowing to extract private keys", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2015-7940", }, { category: "external", summary: "RHBZ#1276272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276272", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2015-7940", url: "https://www.cve.org/CVERecord?id=CVE-2015-7940", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7940", }, ], release_date: "2015-09-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "bouncycastle: Invalid curve attack allowing to extract private keys", }, { cve: "CVE-2016-3088", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2016-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1339318", }, ], notes: [ { category: "description", text: "The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.", title: "Vulnerability description", }, { category: "summary", text: "activemq: Fileserver web application vulnerability allowing RCE", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss A-MQ 6.3 , Red Hat JBoss Fuse 6.3, and Red Hat JBoss Fuse Service Works 6.0.0 do not provide the vulnerable component and are not affected by this flaw. Red Hat JBoss A-MQ 6.2.1 and Red Hat JBoss Fuse 6.2.1 disable the vulnerable component and as such are not vulnerable to this flaw. The fileserver component was first disabled in A-MQ 6.2.0 and Fuse 6.2.0. Users of older, unsupported versions of these products are strongly advised to observe the mitigation provided on this page.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-3088", }, { category: "external", summary: "RHBZ#1339318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1339318", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-3088", url: "https://www.cve.org/CVERecord?id=CVE-2016-3088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-3088", }, { category: "external", summary: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", url: "http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-05-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, { category: "workaround", details: "Users are advised to use other FTP and HTTP based file servers for transferring blob messages. Fileserver web application SHOULD NOT be used in older version of the broker and it should be disabled (it has been disabled by default since 5.12.0). This can be done by removing (commenting out) the following lines from conf\\jetty.xml file\n\n<bean class=\"org.eclipse.jetty.webapp.WebAppContext\">\n <property name=\"contextPath\" value=\"/fileserver\" />\n <property name=\"resourceBase\" value=\"${activemq.home}/webapps/fileserver\" />\n <property name=\"logUrlOnStart\" value=\"true\" />\n <property name=\"parentLoaderPriority\" value=\"true\" />\n</bean>", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2022-02-10T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "activemq: Fileserver web application vulnerability allowing RCE", }, { cve: "CVE-2016-4437", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2016-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1343346", }, ], notes: [ { category: "description", text: "It was found that Apache Shiro uses a default cipher key for its \"remember me\" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content.", title: "Vulnerability description", }, { category: "summary", text: "shiro: Security constraint bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.3", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4437", }, { category: "external", summary: "RHBZ#1343346", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1343346", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4437", url: "https://www.cve.org/CVERecord?id=CVE-2016-4437", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4437", }, { category: "external", summary: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", url: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, ], release_date: "2016-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2016-10-06T16:18:02+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.3", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2016:2036", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat JBoss A-MQ 6.3", ], }, ], threats: [ { category: "exploit_status", date: "2021-11-03T00:00:00+00:00", details: "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog", }, { category: "impact", details: "Important", }, ], title: "shiro: Security constraint bypass", }, ], }
fkie_cve-2015-5254
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:32
Severity ?
Summary
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | 2.0 | |
| apache | activemq | 5.0.0 | |
| apache | activemq | 5.1.0 | |
| apache | activemq | 5.2.0 | |
| apache | activemq | 5.3.0 | |
| apache | activemq | 5.3.1 | |
| apache | activemq | 5.3.2 | |
| apache | activemq | 5.4.0 | |
| apache | activemq | 5.4.1 | |
| apache | activemq | 5.4.3 | |
| apache | activemq | 5.5.0 | |
| apache | activemq | 5.5.1 | |
| apache | activemq | 5.6.0 | |
| apache | activemq | 5.7.0 | |
| apache | activemq | 5.8.0 | |
| apache | activemq | 5.9.0 | |
| apache | activemq | 5.9.1 | |
| apache | activemq | 5.10.0 | |
| apache | activemq | 5.10.1 | |
| apache | activemq | 5.10.2 | |
| apache | activemq | 5.11.0 | |
| apache | activemq | 5.11.1 | |
| apache | activemq | 5.11.2 | |
| apache | activemq | 5.12.0 | |
| apache | activemq | 5.12.1 | |
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "436F59B9-507A-4B4E-A9F3-022616866151", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "05D6EC30-88DC-4424-BF86-D9C0DA5E191C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "82ACD6BA-257F-49D0-8944-0991FB038533", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C43FD7A1-FC03-47BC-B6C6-02C0F1466762", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", matchCriteriaId: "47B31CD9-A3BB-427C-A631-2E8168DD1985", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", matchCriteriaId: "6B904806-6796-4947-BDF4-EEA5681147E8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*", matchCriteriaId: "6075BF1D-AC7C-46E3-A730-4E9A98856520", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", matchCriteriaId: "623530FC-12E9-480B-AFA0-C19FCFFA5D36", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", matchCriteriaId: "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", matchCriteriaId: "11AADFBF-AC60-4535-892C-BE90BE858172", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", matchCriteriaId: "AC5143E8-B392-4954-9C0D-DD39388B669F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4C0A644-8667-4ABD-8BB3-46289DCD3A93", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "607B6541-973A-4FF5-8106-A30076CA353C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "08310F87-4C45-436F-A707-A22A4ACB1587", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*", matchCriteriaId: "4243B47C-26B9-45BE-B66A-F1534D18A265", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*", matchCriteriaId: "26258CBF-39D0-45FD-AC6B-3D9840CB88EE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*", matchCriteriaId: "532FC7B8-31FD-459C-B757-4D17D4E6ED63", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*", matchCriteriaId: "36710BEE-E9B8-4979-BB75-6CEF7836268B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*", matchCriteriaId: "F15DF0DF-FDBD-4196-88DE-023CF90AA0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*", matchCriteriaId: "0E1A027B-EDBB-4305-BCE2-5DA862F9A3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1DA90EA1-64F2-44DD-86A8-E35191C79446", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*", matchCriteriaId: "8E7D827D-8180-4605-98CB-03436F916B27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, { lang: "es", value: "Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado.", }, ], id: "CVE-2015-5254", lastModified: "2024-11-21T02:32:39.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-08T19:59:00.113", references: [ { source: "secalert@redhat.com", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3524", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-q9hr-3pg4-3jp4
Vulnerability from github
Published
2022-05-13 01:30
Modified
2023-12-20 20:12
Severity ?
Summary
Improper Input Validation in Apache ActiveMQ
Details
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.activemq:activemq-client", }, ranges: [ { events: [ { introduced: "5.0.0", }, { fixed: "5.11.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.activemq:activemq-client", }, ranges: [ { events: [ { introduced: "5.12.0", }, { fixed: "5.12.2", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2015-5254", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: true, github_reviewed_at: "2022-07-06T20:11:33Z", nvd_published_at: "2016-01-08T19:59:00Z", severity: "CRITICAL", }, details: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", id: "GHSA-q9hr-3pg4-3jp4", modified: "2023-12-20T20:12:49Z", published: "2022-05-13T01:30:05Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", }, { type: "WEB", url: "https://github.com/apache/activemq/commit/6f03921b31d9fefeddb0f4fa63150ed1f94a14b", }, { type: "WEB", url: "https://github.com/apache/activemq/commit/73a0caf758f9e4916783a205c7e422b4db27905", }, { type: "WEB", url: "https://github.com/apache/activemq/commit/7eb9b218b2705cf9273e30ee2da026e43b6dd4e", }, { type: "WEB", url: "https://github.com/apache/activemq/commit/e7a4b53f799685e337972dd36ba0253c04bcc01", }, { type: "WEB", url: "https://github.com/apache/activemq", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { type: "WEB", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", }, { type: "WEB", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { type: "WEB", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { type: "WEB", url: "http://www.debian.org/security/2016/dsa-3524", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { type: "WEB", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { type: "WEB", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "Improper Input Validation in Apache ActiveMQ", }
gsd-2015-5254
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-5254", description: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", id: "GSD-2015-5254", references: [ "https://www.debian.org/security/2016/dsa-3524", "https://access.redhat.com/errata/RHSA-2016:2036", "https://access.redhat.com/errata/RHSA-2016:2035", "https://access.redhat.com/errata/RHSA-2016:0489", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-5254", ], details: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", id: "GSD-2015-5254", modified: "2023-12-13T01:20:06.022761Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3524", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://issues.apache.org/jira/browse/AMQ-6013", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", refsource: "CONFIRM", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[5.0.0,5.13.0)", affected_versions: "All versions starting from 5.0.0 before 5.13.0", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-20", "CWE-78", "CWE-937", ], date: "2022-07-06", description: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", fixed_versions: [ "5.13.0", ], identifier: "CVE-2015-5254", identifiers: [ "GHSA-q9hr-3pg4-3jp4", "CVE-2015-5254", ], not_impacted: "All versions before 5.0.0, all versions starting from 5.13.0", package_slug: "maven/org.apache.activemq/activemq-client", pubdate: "2022-05-13", solution: "Upgrade to version 5.13.0 or above.", title: "Improper Input Validation", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2015-5254", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "https://issues.apache.org/jira/browse/AMQ-6013", "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", "http://rhn.redhat.com/errata/RHSA-2016-0489.html", "http://rhn.redhat.com/errata/RHSA-2016-2035.html", "http://rhn.redhat.com/errata/RHSA-2016-2036.html", "http://www.debian.org/security/2016/dsa-3524", "http://www.openwall.com/lists/oss-security/2015/12/08/6", "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "https://github.com/advisories/GHSA-q9hr-3pg4-3jp4", ], uuid: "c74a4887-7457-4f9f-82bc-b37f645dc4ec", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5254", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2015-eefc5a6762", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", refsource: "CONFIRM", tags: [], url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "FEDORA-2015-7ca4368b0c", refsource: "FEDORA", tags: [], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "https://issues.apache.org/jira/browse/AMQ-6013", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { name: "RHSA-2016:0489", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "DSA-3524", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", refsource: "CONFIRM", tags: [], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "RHSA-2016:2036", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { name: "RHSA-2016:2035", refsource: "REDHAT", tags: [], url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", refsource: "MLIST", tags: [], url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2019-12-17T17:41Z", publishedDate: "2016-01-08T19:59Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.