Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2008-2369
Vulnerability from cvelistv5
Published
2008-08-14 20:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:58:01.815Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1020694", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1020694", }, { name: "RHSA-2008:0630", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { name: "31493", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31493", }, { name: "rhnss-manzier-information-disclosure(44452)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, { name: "30679", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30679", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-13T00:00:00", descriptions: [ { lang: "en", value: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1020694", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1020694", }, { name: "RHSA-2008:0630", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { name: "31493", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31493", }, { name: "rhnss-manzier-information-disclosure(44452)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, { name: "30679", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30679", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2369", datePublished: "2008-08-14T20:00:00", dateReserved: "2008-05-21T00:00:00", dateUpdated: "2024-08-07T08:58:01.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2008-2369\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-08-14T20:41:00.000\",\"lastModified\":\"2024-11-21T00:46:43.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.\"},{\"lang\":\"es\",\"value\":\"manzier.pxt en Red Hat Network Satellite Server en versiones anteriores a la 5.1.1 tiene una clave de autenticación fijada en codigo (\\\"Hard-coded\\\"), que permite a atacantes remotos conectarse al servidor y obtener información sensible sobre cuentas de usuario y derechos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"4716BC2A-BEE9-48CF-859B-6EB21A62A7AD\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0630.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31493\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1020694\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/30679\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44452\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0630.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1020694\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/30679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}", }, }
gsd-2008-2369
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
Aliases
Aliases
{ GSD: { alias: "CVE-2008-2369", description: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", id: "GSD-2008-2369", references: [ "https://access.redhat.com/errata/RHSA-2008:0630", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2008-2369", ], details: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", id: "GSD-2008-2369", modified: "2023-12-13T01:23:00.913512Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2008-2369", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", refsource: "MISC", url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { name: "http://secunia.com/advisories/31493", refsource: "MISC", url: "http://secunia.com/advisories/31493", }, { name: "http://securitytracker.com/id?1020694", refsource: "MISC", url: "http://securitytracker.com/id?1020694", }, { name: "http://www.securityfocus.com/bid/30679", refsource: "MISC", url: "http://www.securityfocus.com/bid/30679", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, ], }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", matchCriteriaId: "4716BC2A-BEE9-48CF-859B-6EB21A62A7AD", versionEndExcluding: "5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", }, { lang: "es", value: "manzier.pxt en Red Hat Network Satellite Server en versiones anteriores a la 5.1.1 tiene una clave de autenticación fijada en codigo (\"Hard-coded\"), que permite a atacantes remotos conectarse al servidor y obtener información sensible sobre cuentas de usuario y derechos.", }, ], id: "CVE-2008-2369", lastModified: "2024-02-13T16:46:38.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2008-08-14T20:41:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31493", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1020694", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30679", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
rhsa-2008_0630
Vulnerability from csaf_redhat
Published
2008-08-13 14:17
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server security update
Notes
Topic
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)
This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)
A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0630", url: "https://access.redhat.com/errata/RHSA-2008:0630", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0630.json", }, ], title: "Red Hat Security Advisory: Red Hat Network Satellite Server security update", tracking: { current_release_date: "2024-11-22T02:13:53+00:00", generator: { date: "2024-11-22T02:13:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0630", initial_release_date: "2008-08-13T14:17:00+00:00", revision_history: [ { date: "2008-08-13T14:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-13T10:55:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390x", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-0:2.0.2-12.el4.s390x", product_id: "mod_perl-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390", product: { name: "mod_perl-0:2.0.2-12.el4.s390", product_id: "mod_perl-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.i386", product: { name: "mod_perl-0:2.0.2-12.el4.i386", product_id: "mod_perl-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "jfreechart-0:0.9.20-3.rhn.noarch", product: { name: "jfreechart-0:0.9.20-3.rhn.noarch", product_id: "jfreechart-0:0.9.20-3.rhn.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch", }, }, }, { category: "product_version", name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_id: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhn-html-0:5.1.1-7.noarch", product: { name: "rhn-html-0:5.1.1-7.noarch", product_id: "rhn-html-0:5.1.1-7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhn-html@5.1.1-7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", }, product_reference: "jfreechart-0:0.9.20-3.rhn.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", }, product_reference: "perl-Crypt-CBC-0:2.24-1.el4.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "rhn-html-0:5.1.1-7.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", }, product_reference: "rhn-html-0:5.1.1-7.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_10rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4838", discovery_date: "2005-01-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "238401", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", title: "Vulnerability description", }, { category: "summary", text: "tomcat manager example DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-4838", }, { category: "external", summary: "RHBZ#238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-4838", url: "https://www.cve.org/CVERecord?id=CVE-2005-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", }, ], release_date: "2005-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat manager example DoS", }, { cve: "CVE-2006-0254", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430646", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0254", }, { category: "external", summary: "RHBZ#430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0254", url: "https://www.cve.org/CVERecord?id=CVE-2006-0254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", }, ], release_date: "2006-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples XSS", }, { cve: "CVE-2006-0898", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430522", }, ], notes: [ { category: "description", text: "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", title: "Vulnerability description", }, { category: "summary", text: "perl-Crypt-CBC weaker encryption with some ciphers", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0898", }, { category: "external", summary: "RHBZ#430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0898", url: "https://www.cve.org/CVERecord?id=CVE-2006-0898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", }, ], release_date: "2006-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "perl-Crypt-CBC weaker encryption with some ciphers", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1355", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "253166", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "tomcat XSS in samples", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1355", }, { category: "external", summary: "RHBZ#253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1355", url: "https://www.cve.org/CVERecord?id=CVE-2007-1355", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", }, ], release_date: "2007-05-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat XSS in samples", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-2449", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244804", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples jsp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-2449", }, { category: "external", summary: "RHBZ#244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-2449", url: "https://www.cve.org/CVERecord?id=CVE-2007-2449", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", }, ], release_date: "2007-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples jsp XSS", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6306", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "421081", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", title: "Vulnerability description", }, { category: "summary", text: "JFreeChart: XSS vulnerabilities in the image map feature", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6306", }, { category: "external", summary: "RHBZ#421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6306", url: "https://www.cve.org/CVERecord?id=CVE-2007-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", }, ], release_date: "2007-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JFreeChart: XSS vulnerabilities in the image map feature", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-2369", discovery_date: "2008-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "452461", }, ], notes: [ { category: "description", text: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", title: "Vulnerability description", }, { category: "summary", text: "Satellite: information disclosure via manzier.pxt RPC script", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2369", }, { category: "external", summary: "RHBZ#452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2369", url: "https://www.cve.org/CVERecord?id=CVE-2008-2369", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", }, ], release_date: "2008-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Satellite: information disclosure via manzier.pxt RPC script", }, ], }
RHSA-2008:0630
Vulnerability from csaf_redhat
Published
2008-08-13 14:17
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server security update
Notes
Topic
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)
This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)
A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0630", url: "https://access.redhat.com/errata/RHSA-2008:0630", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0630.json", }, ], title: "Red Hat Security Advisory: Red Hat Network Satellite Server security update", tracking: { current_release_date: "2024-11-22T02:13:53+00:00", generator: { date: "2024-11-22T02:13:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0630", initial_release_date: "2008-08-13T14:17:00+00:00", revision_history: [ { date: "2008-08-13T14:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-13T10:55:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390x", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-0:2.0.2-12.el4.s390x", product_id: "mod_perl-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390", product: { name: "mod_perl-0:2.0.2-12.el4.s390", product_id: "mod_perl-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.i386", product: { name: "mod_perl-0:2.0.2-12.el4.i386", product_id: "mod_perl-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "jfreechart-0:0.9.20-3.rhn.noarch", product: { name: "jfreechart-0:0.9.20-3.rhn.noarch", product_id: "jfreechart-0:0.9.20-3.rhn.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch", }, }, }, { category: "product_version", name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_id: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhn-html-0:5.1.1-7.noarch", product: { name: "rhn-html-0:5.1.1-7.noarch", product_id: "rhn-html-0:5.1.1-7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhn-html@5.1.1-7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", }, product_reference: "jfreechart-0:0.9.20-3.rhn.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", }, product_reference: "perl-Crypt-CBC-0:2.24-1.el4.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "rhn-html-0:5.1.1-7.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", }, product_reference: "rhn-html-0:5.1.1-7.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_10rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4838", discovery_date: "2005-01-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "238401", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", title: "Vulnerability description", }, { category: "summary", text: "tomcat manager example DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-4838", }, { category: "external", summary: "RHBZ#238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-4838", url: "https://www.cve.org/CVERecord?id=CVE-2005-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", }, ], release_date: "2005-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat manager example DoS", }, { cve: "CVE-2006-0254", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430646", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0254", }, { category: "external", summary: "RHBZ#430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0254", url: "https://www.cve.org/CVERecord?id=CVE-2006-0254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", }, ], release_date: "2006-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples XSS", }, { cve: "CVE-2006-0898", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430522", }, ], notes: [ { category: "description", text: "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", title: "Vulnerability description", }, { category: "summary", text: "perl-Crypt-CBC weaker encryption with some ciphers", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0898", }, { category: "external", summary: "RHBZ#430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0898", url: "https://www.cve.org/CVERecord?id=CVE-2006-0898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", }, ], release_date: "2006-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "perl-Crypt-CBC weaker encryption with some ciphers", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1355", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "253166", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "tomcat XSS in samples", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1355", }, { category: "external", summary: "RHBZ#253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1355", url: "https://www.cve.org/CVERecord?id=CVE-2007-1355", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", }, ], release_date: "2007-05-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat XSS in samples", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-2449", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244804", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples jsp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-2449", }, { category: "external", summary: "RHBZ#244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-2449", url: "https://www.cve.org/CVERecord?id=CVE-2007-2449", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", }, ], release_date: "2007-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples jsp XSS", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6306", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "421081", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", title: "Vulnerability description", }, { category: "summary", text: "JFreeChart: XSS vulnerabilities in the image map feature", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6306", }, { category: "external", summary: "RHBZ#421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6306", url: "https://www.cve.org/CVERecord?id=CVE-2007-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", }, ], release_date: "2007-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JFreeChart: XSS vulnerabilities in the image map feature", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-2369", discovery_date: "2008-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "452461", }, ], notes: [ { category: "description", text: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", title: "Vulnerability description", }, { category: "summary", text: "Satellite: information disclosure via manzier.pxt RPC script", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2369", }, { category: "external", summary: "RHBZ#452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2369", url: "https://www.cve.org/CVERecord?id=CVE-2008-2369", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", }, ], release_date: "2008-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Satellite: information disclosure via manzier.pxt RPC script", }, ], }
rhsa-2008:0630
Vulnerability from csaf_redhat
Published
2008-08-13 14:17
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server security update
Notes
Topic
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)
This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)
A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", title: "Topic", }, { category: "general", text: "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0630", url: "https://access.redhat.com/errata/RHSA-2008:0630", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0630.json", }, ], title: "Red Hat Security Advisory: Red Hat Network Satellite Server security update", tracking: { current_release_date: "2024-11-22T02:13:53+00:00", generator: { date: "2024-11-22T02:13:53+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0630", initial_release_date: "2008-08-13T14:17:00+00:00", revision_history: [ { date: "2008-08-13T14:17:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-13T10:55:17+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:53+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390x", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390x", product: { name: "mod_perl-0:2.0.2-12.el4.s390x", product_id: "mod_perl-0:2.0.2-12.el4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=s390", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.s390", product: { name: "mod_perl-0:2.0.2-12.el4.s390", product_id: "mod_perl-0:2.0.2-12.el4.s390", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=s390", }, }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=x86_64", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.x86_64", product: { name: "mod_perl-0:2.0.2-12.el4.x86_64", product_id: "mod_perl-0:2.0.2-12.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_id: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl-debuginfo@2.0.2-12.el4?arch=i386", }, }, }, { category: "product_version", name: "mod_perl-0:2.0.2-12.el4.i386", product: { name: "mod_perl-0:2.0.2-12.el4.i386", product_id: "mod_perl-0:2.0.2-12.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/mod_perl@2.0.2-12.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "jfreechart-0:0.9.20-3.rhn.noarch", product: { name: "jfreechart-0:0.9.20-3.rhn.noarch", product_id: "jfreechart-0:0.9.20-3.rhn.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch", }, }, }, { category: "product_version", name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_id: "perl-Crypt-CBC-0:2.24-1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhn-html-0:5.1.1-7.noarch", product: { name: "rhn-html-0:5.1.1-7.noarch", product_id: "rhn-html-0:5.1.1-7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhn-html@5.1.1-7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", }, product_reference: "jfreechart-0:0.9.20-3.rhn.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.i386 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.i386", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.s390x", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", }, product_reference: "mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", }, product_reference: "perl-Crypt-CBC-0:2.24-1.el4.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "rhn-html-0:5.1.1-7.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", }, product_reference: "rhn-html-0:5.1.1-7.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_10rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2005-4838", discovery_date: "2005-01-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "238401", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", title: "Vulnerability description", }, { category: "summary", text: "tomcat manager example DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-4838", }, { category: "external", summary: "RHBZ#238401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=238401", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-4838", url: "https://www.cve.org/CVERecord?id=CVE-2005-4838", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", }, ], release_date: "2005-01-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat manager example DoS", }, { cve: "CVE-2006-0254", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430646", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0254", }, { category: "external", summary: "RHBZ#430646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430646", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0254", url: "https://www.cve.org/CVERecord?id=CVE-2006-0254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", }, ], release_date: "2006-01-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples XSS", }, { cve: "CVE-2006-0898", ids: [ { system_name: "Red Hat Bugzilla ID", text: "430522", }, ], notes: [ { category: "description", text: "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", title: "Vulnerability description", }, { category: "summary", text: "perl-Crypt-CBC weaker encryption with some ciphers", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-0898", }, { category: "external", summary: "RHBZ#430522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=430522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-0898", url: "https://www.cve.org/CVERecord?id=CVE-2006-0898", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", }, ], release_date: "2006-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "perl-Crypt-CBC weaker encryption with some ciphers", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1355", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "253166", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "tomcat XSS in samples", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1355", }, { category: "external", summary: "RHBZ#253166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=253166", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1355", url: "https://www.cve.org/CVERecord?id=CVE-2007-1355", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", }, ], release_date: "2007-05-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat XSS in samples", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-2449", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-05-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244804", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", title: "Vulnerability description", }, { category: "summary", text: "tomcat examples jsp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-2449", }, { category: "external", summary: "RHBZ#244804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244804", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-2449", url: "https://www.cve.org/CVERecord?id=CVE-2007-2449", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", }, ], release_date: "2007-06-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat examples jsp XSS", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6306", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "421081", }, ], notes: [ { category: "description", text: "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", title: "Vulnerability description", }, { category: "summary", text: "JFreeChart: XSS vulnerabilities in the image map feature", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6306", }, { category: "external", summary: "RHBZ#421081", url: "https://bugzilla.redhat.com/show_bug.cgi?id=421081", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6306", url: "https://www.cve.org/CVERecord?id=CVE-2007-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", }, ], release_date: "2007-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "JFreeChart: XSS vulnerabilities in the image map feature", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-2369", discovery_date: "2008-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "452461", }, ], notes: [ { category: "description", text: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", title: "Vulnerability description", }, { category: "summary", text: "Satellite: information disclosure via manzier.pxt RPC script", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2369", }, { category: "external", summary: "RHBZ#452461", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452461", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2369", url: "https://www.cve.org/CVERecord?id=CVE-2008-2369", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", }, ], release_date: "2008-08-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-13T14:17:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0630", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-RHNSAT5.1:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.i386", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.s390x", "4AS-RHNSAT5.1:mod_perl-debuginfo-0:2.0.2-12.el4.x86_64", "4AS-RHNSAT5.1:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5.1:rhn-html-0:5.1.1-7.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_10rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Satellite: information disclosure via manzier.pxt RPC script", }, ], }
fkie_cve-2008-2369
Vulnerability from fkie_nvd
Published
2008-08-14 20:41
Modified
2024-11-21 00:46
Severity ?
Summary
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", matchCriteriaId: "4716BC2A-BEE9-48CF-859B-6EB21A62A7AD", versionEndExcluding: "5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", }, { lang: "es", value: "manzier.pxt en Red Hat Network Satellite Server en versiones anteriores a la 5.1.1 tiene una clave de autenticación fijada en codigo (\"Hard-coded\"), que permite a atacantes remotos conectarse al servidor y obtener información sensible sobre cuentas de usuario y derechos.", }, ], id: "CVE-2008-2369", lastModified: "2024-11-21T00:46:43.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2008-08-14T20:41:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31493", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1020694", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30679", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1020694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-53xg-795p-rwf7
Vulnerability from github
Published
2022-05-01 23:49
Modified
2024-02-13 18:38
Severity ?
Details
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
{ affected: [], aliases: [ "CVE-2008-2369", ], database_specific: { cwe_ids: [ "CWE-798", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2008-08-14T20:41:00Z", severity: "MODERATE", }, details: "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.", id: "GHSA-53xg-795p-rwf7", modified: "2024-02-13T18:38:21Z", published: "2022-05-01T23:49:30Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2369", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452", }, { type: "WEB", url: "http://rhn.redhat.com/errata/RHSA-2008-0630.html", }, { type: "WEB", url: "http://secunia.com/advisories/31493", }, { type: "WEB", url: "http://securitytracker.com/id?1020694", }, { type: "WEB", url: "http://www.securityfocus.com/bid/30679", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.