Action not permitted
Modal body text goes here.
cve-2009-0783
Vulnerability from cvelistv5
Published
2009-06-05 15:25
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:48:52.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "HPSBMA02535", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev" }, { "name": "MDVSA-2009:138", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "name": "FEDORA-2009-11356", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "name": "DSA-2207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "HPSBUX02860", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37460" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev" }, { "name": "oval:org.mitre.oval:def:18913", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "name": "ADV-2010-3056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3056" }, { "name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "35788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35788" }, { "name": "SSRT100029", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev" }, { "name": "ADV-2009-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "name": "MDVSA-2010:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev" }, { "name": "42368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42368" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "name": "FEDORA-2009-11374", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "name": "oval:org.mitre.oval:def:6450", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "1022336", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022336" }, { "name": "tomcat-xml-information-disclosure(51195)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "name": "FEDORA-2009-11352", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "HPSBUX02579", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "SSRT101146", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "MDVSA-2009:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "name": "263529", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "name": "SSRT100203", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "35416", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35416" }, { "name": "oval:org.mitre.oval:def:10716", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:08:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "HPSBMA02535", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev" }, { "name": "MDVSA-2009:138", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "name": "FEDORA-2009-11356", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "name": "DSA-2207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "HPSBUX02860", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37460" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev" }, { "name": "oval:org.mitre.oval:def:18913", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "name": "ADV-2010-3056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3056" }, { "name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "35788", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35788" }, { "name": "SSRT100029", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev" }, { "name": "ADV-2009-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "name": "MDVSA-2010:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev" }, { "name": "42368", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42368" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "name": "FEDORA-2009-11374", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "name": "oval:org.mitre.oval:def:6450", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "1022336", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022336" }, { "name": "tomcat-xml-information-disclosure(51195)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "name": "FEDORA-2009-11352", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "HPSBUX02579", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "SSRT101146", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "MDVSA-2009:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "name": "263529", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "name": "SSRT100203", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "35416", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35416" }, { "name": "oval:org.mitre.oval:def:10716", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0783", "datePublished": "2009-06-05T15:25:00", "dateReserved": "2009-03-04T00:00:00", "dateUpdated": "2024-08-07T04:48:52.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-0783\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-06-05T16:00:00.267\",\"lastModified\":\"2024-11-21T01:00:54.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat v4.1.0 hasta la v4.1.39, v5.5.0 hasta la v5.5.27 y v6.0.0 hasta la v6.0.18 permite a las aplicaciones web reemplazar un \\\"parser\\\" (extractor de informaci\u00f3n) XML utilizado por otras aplicaciones web, lo que permite a los usuarios locales leer o modificar los ficheros (1) web.xml, (2) context.xml o (3) ficheros tld de aplicaciones web de su elecci\u00f3n a trav\u00e9s de una aplicacion manipulada que es cargada antes de la aplicaci\u00f3n web objetivo del ataque.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndIncluding\":\"4.1.39\",\"matchCriteriaId\":\"FABEAD3F-1066-4802-BDFD-5F42406D2963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndIncluding\":\"5.5.27\",\"matchCriteriaId\":\"88DD2300-F68E-4BD9-A511-7E9F1A6DD43B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.18\",\"matchCriteriaId\":\"7888A749-8246-491C-AF4E-10762170ECE4\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35788\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42368\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=652592\u0026view=rev\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=681156\u0026view=rev\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=739522\u0026view=rev\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=781542\u0026view=rev\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=781708\u0026view=rev\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/504090/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/35416\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1022336\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1856\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3056\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/51195\",\"source\":\"secalert@redhat.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=29936\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=45933\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/42368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=652592\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=681156\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=739522\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=781542\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=781708\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/504090/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/35416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1022336\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/51195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=29936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=45933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2009_1144
Vulnerability from csaf_redhat
Published
2009-07-06 11:42
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
various issues are now available for Red Hat Enterprise Linux 4 as JBEAP
4.2.0.CP07.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.2.0.CP06.
These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section of this errata.
The following security issues are also fixed with this release:
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications deployed on JBossWeb when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser JBossWeb uses to parse configuration files. A
malicious web application running on a JBossWeb instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same JBossWeb instance. (CVE-2009-0783)
Warning: before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 4 as JBEAP\n4.2.0.CP07.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP06.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1144", "url": "https://access.redhat.com/errata/RHSA-2009:1144" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html", "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html" }, { "category": "external", "summary": "499605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499605" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1144.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update", "tracking": { "current_release_date": "2024-11-22T03:25:51+00:00", "generator": { "date": "2024-11-22T03:25:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1144", "initial_release_date": "2009-07-06T11:42:00+00:00", "revision_history": [ { "date": "2009-07-06T11:42:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-06T07:42:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el4.src", "product": { "name": "jgroups-1:2.4.6-1.ep1.el4.src", "product_id": "jgroups-1:2.4.6-1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=src" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src", "product": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src", "product_id": "jboss-seam-0:1.2.1-1.ep1.19.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.19.el4?arch=src" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "product": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "product": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.ep1.el4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product_id": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "product": { "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.19.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "product": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "product_id": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.19.el4?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product": { "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product_id": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-5.GA_CP07.ep1.1.el4?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product": { "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_id": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-client@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product": { "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_id": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP07-bin@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", "product_id": "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch" }, "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", "product_id": "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1144" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1144" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1144" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src", "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src", "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src", "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1143
Vulnerability from csaf_redhat
Published
2009-07-06 11:42
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix
various issues are now available for Red Hat Enterprise Linux 5 as JBEAP
4.2.0.CP07.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.2.0.CP06.
These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section of this errata.
The following security issues are also fixed with this release:
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications deployed on JBossWeb when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser JBossWeb uses to parse configuration files. A
malicious web application running on a JBossWeb instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same JBossWeb instance. (CVE-2009-0783)
Warning: before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 5 as JBEAP\n4.2.0.CP07.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP06.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1143", "url": "https://access.redhat.com/errata/RHSA-2009:1143" }, { "category": "external", "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html", "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#important", "url": "http://www.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "499600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499600" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1143.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update", "tracking": { "current_release_date": "2024-11-22T03:25:48+00:00", "generator": { "date": "2024-11-22T03:25:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1143", "initial_release_date": "2009-07-06T11:42:00+00:00", "revision_history": [ { "date": "2009-07-06T11:42:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-06T07:42:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el5.src", "product": { "name": "jgroups-1:2.4.6-1.ep1.el5.src", "product_id": "jgroups-1:2.4.6-1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=src" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "product": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src", "product": { "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src", "product_id": "jboss-seam-0:1.2.1-1.ep1.13.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.13.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "product": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product": { "name": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product_id": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.3.el5?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product": { "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product_id": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "product": { "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.13.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "product": { "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "product_id": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.13.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product": { "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_id": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-client@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product": { "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_id": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP07-bin@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src" }, "product_reference": "jboss-seam-0:1.2.1-1.ep1.13.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src" }, "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch" }, "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch" }, "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src" }, "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.2.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1143" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1143" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1143" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src", "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src", "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch", "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src", "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1617
Vulnerability from csaf_redhat
Published
2009-11-30 15:18
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
An updated tomcat package that fixes several security issues is now
available for Red Hat Network Satellite Server 5.1.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a typical
operating environment, Tomcat is not exposed to users of Satellite Server
in a vulnerable manner: By default, only Satellite Server applications are
running on Tomcat. This update will reduce risk in unique Satellite Server
environments.
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
this updated tomcat package, which contains backported patches to resolve
these issues. Tomcat must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated tomcat package that fixes several security issues is now\navailable for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a typical\noperating environment, Tomcat is not exposed to users of Satellite Server\nin a vulnerable manner: By default, only Satellite Server applications are\nrunning on Tomcat. This update will reduce risk in unique Satellite Server\nenvironments.\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\nthis updated tomcat package, which contains backported patches to resolve\nthese issues. Tomcat must be restarted for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1617", "url": "https://access.redhat.com/errata/RHSA-2009:1617" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#low", "url": "http://www.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1617.json" } ], "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", "tracking": { "current_release_date": "2024-11-22T03:25:47+00:00", "generator": { "date": "2024-11-22T03:25:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1617", "initial_release_date": "2009-11-30T15:18:00+00:00", "revision_history": [ { "date": "2009-11-30T15:18:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-11-30T10:18:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.1::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_16rh.src", "product": { "name": "tomcat5-0:5.0.30-0jpp_16rh.src", "product_id": "tomcat5-0:5.0.30-0jpp_16rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_16rh?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch", "product": { "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch", "product_id": "tomcat5-0:5.0.30-0jpp_16rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_16rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_16rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_16rh.src as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" }, "product_reference": "tomcat5-0:5.0.30-0jpp_16rh.src", "relates_to_product_reference": "4AS-RHNSAT5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:18:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1617" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:18:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1617" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:18:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1617" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch", "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1616
Vulnerability from csaf_redhat
Published
2009-11-30 15:16
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Network Satellite Server 5.2 and 5.3.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a typical
operating environment, Tomcat is not exposed to users of Satellite Server
in a vulnerable manner: By default, only Satellite Server applications are
running on Tomcat. This update will reduce risk in unique Satellite Server
environments.
It was discovered that the Red Hat Security Advisory RHSA-2007:1069 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)
Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: With this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Red Hat Network Satellite Server 5.2 and 5.3 are advised to
upgrade to these updated tomcat packages, which contain backported patches
to resolve these issues. Tomcat must be restarted for this update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Network Satellite Server 5.2 and 5.3.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a typical\noperating environment, Tomcat is not exposed to users of Satellite Server\nin a vulnerable manner: By default, only Satellite Server applications are\nrunning on Tomcat. This update will reduce risk in unique Satellite Server\nenvironments.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:1069 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.2 and 5.3 are advised to\nupgrade to these updated tomcat packages, which contain backported patches\nto resolve these issues. Tomcat must be restarted for this update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1616", "url": "https://access.redhat.com/errata/RHSA-2009:1616" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#low", "url": "http://www.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1616.json" } ], "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", "tracking": { "current_release_date": "2024-11-22T03:25:44+00:00", "generator": { "date": "2024-11-22T03:25:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1616", "initial_release_date": "2009-11-30T15:16:00+00:00", "revision_history": [ { "date": "2009-11-30T15:16:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-11-30T10:16:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.2::el4" } } }, { "category": "product_name", "name": "Red Hat Satellite 5.3 (RHEL v.4)", "product": { "name": "Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.3::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_18rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_18rh.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_18rh.src", "product_id": "tomcat5-0:5.5.23-0jpp_18rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)", "product_id": "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:16:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1616" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:16:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1616" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:16:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1616" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:16:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1616" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-30T15:16:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1616" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1563
Vulnerability from csaf_redhat
Published
2009-11-09 15:37
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)
Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: With this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1563", "url": "https://access.redhat.com/errata/RHSA-2009:1563" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1563.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T03:26:13+00:00", "generator": { "date": "2024-11-22T03:26:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1563", "initial_release_date": "2009-11-09T15:37:00+00:00", "revision_history": [ { "date": "2009-11-09T15:37:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-11-09T10:37:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:26:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Developer Suite v.3 (AS v.4)", "product": { "name": "Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_developer_suite:3" } } } ], "category": "product_family", "name": "Red Hat Developer Suite v.3" }, { "branches": [ { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_18rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_18rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_18rh.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_18rh.src", "product_id": "tomcat5-0:5.5.23-0jpp_18rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", "product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch", "relates_to_product_reference": "4AS-DS3" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:37:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1563" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:37:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1563" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:37:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1563" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:37:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1563" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:37:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1563" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1454
Vulnerability from csaf_redhat
Published
2009-09-21 15:51
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: tomcat5 security update
Notes
Topic
Updated tomcat5 packages that fix several security issues are now available
for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
[Updated 23 September 2009]
This erratum has been updated to include replacement packages for JBoss
Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4. The original
packages did not contain a fix for the low security impact issue
CVE-2009-0783. The packages for JBoss Enterprise Web Server 1.0.0 for Red
Hat Enterprise Linux 5 are unchanged as they included the fix for
CVE-2009-0783.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that Tomcat does not properly handle a certain character
and character sequence in cookie values. A remote attacker could use this
flaw to obtain sensitive information, such as session IDs, and then use
this information for session hijacking attacks. (CVE-2007-5333)
Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: With this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat5 packages that fix several security issues are now available\nfor JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.\n\n[Updated 23 September 2009]\nThis erratum has been updated to include replacement packages for JBoss\nEnterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4. The original\npackages did not contain a fix for the low security impact issue\nCVE-2009-0783. The packages for JBoss Enterprise Web Server 1.0.0 for Red\nHat Enterprise Linux 5 are unchanged as they included the fix for\nCVE-2009-0783.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Tomcat does not properly handle a certain character\nand character sequence in cookie values. A remote attacker could use this\nflaw to obtain sensitive information, such as session IDs, and then use\nthis information for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1454", "url": "https://access.redhat.com/errata/RHSA-2009:1454" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1454.json" } ], "title": "Red Hat Security Advisory: tomcat5 security update", "tracking": { "current_release_date": "2024-11-22T03:25:53+00:00", "generator": { "date": "2024-11-22T03:25:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1454", "initial_release_date": "2009-09-21T15:51:00+00:00", "revision_history": [ { "date": "2009-09-21T15:51:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-09-23T11:15:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.9.6.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_id": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-1.patch07.19.ep5.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "product": { "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "product_id": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.9.6.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "product": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "product_id": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-1.patch07.19.ep5.el4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src" }, "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src" }, "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-09-21T15:51:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1454" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-09-21T15:51:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1454" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-09-21T15:51:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1454" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-09-21T15:51:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1454" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-09-21T15:51:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1454" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1506
Vulnerability from csaf_redhat
Published
2009-10-14 16:15
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: tomcat6 security update
Notes
Topic
Updated tomcat6 packages that fix several security issues are now available
for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat6 packages that fix several security issues are now available\nfor JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1506", "url": "https://access.redhat.com/errata/RHSA-2009:1506" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-6.html", "url": "http://tomcat.apache.org/security-6.html" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1506.json" } ], "title": "Red Hat Security Advisory: tomcat6 security update", "tracking": { "current_release_date": "2024-11-22T03:26:06+00:00", "generator": { "date": "2024-11-22T03:26:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1506", "initial_release_date": "2009-10-14T16:15:00+00:00", "revision_history": [ { "date": "2009-10-14T16:15:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-10-14T12:15:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:26:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.18-12.0.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.18-11.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.18-11.3.ep5.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src", "product": { "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src", "product_id": "tomcat6-0:6.0.18-12.0.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.18-12.0.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src", "product": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src", "product_id": "tomcat6-0:6.0.18-11.3.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.18-11.3.ep5.el4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src" }, "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src" }, "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src" }, "product_reference": "tomcat6-0:6.0.18-12.0.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-10-14T16:15:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1506" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-10-14T16:15:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1506" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-10-14T16:15:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1506" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-10-14T16:15:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1506" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1145
Vulnerability from csaf_redhat
Published
2009-07-06 11:41
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
various issues are now available for Red Hat Enterprise Linux 5 as JBEAP
4.3.0.CP05.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 5 serves as a
replacement to JBEAP 4.3.0.CP04.
These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section of this errata.
The following security issues are also fixed with this release:
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications deployed on JBossWeb when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser JBossWeb uses to parse configuration files. A
malicious web application running on a JBossWeb instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same JBossWeb instance. (CVE-2009-0783)
Warning: before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 5 as JBEAP\n4.3.0.CP05.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP04.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1145", "url": "https://access.redhat.com/errata/RHSA-2009:1145" }, { "category": "external", "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html", "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#important", "url": "http://www.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "499602", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499602" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1145.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update", "tracking": { "current_release_date": "2024-11-22T03:25:55+00:00", "generator": { "date": "2024-11-22T03:25:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1145", "initial_release_date": "2009-07-06T11:41:00+00:00", "revision_history": [ { "date": "2009-07-06T11:41:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-06T07:41:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=src" } } }, { "category": "product_version", "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "product": { "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "product_id": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "product": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el5.src", "product": { "name": "jgroups-1:2.4.6-1.ep1.el5.src", "product_id": "jgroups-1:2.4.6-1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "product": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "product": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=src" } } }, { "category": "product_version", "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "product": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "product": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=src" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "product": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=src" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "product": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "product": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "product": { "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "product_id": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-javadoc@2.1.4-1.11.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "product": { "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "product_id": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "product": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product": { "name": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product_id": "jgroups-1:2.4.6-1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "product": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "product": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product": { "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product_id": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-native42@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "product": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.3.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product": { "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product": { "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product_id": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product": { "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_id": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-client@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product": { "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_id": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP05-bin@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch" }, "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch" }, "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch" }, "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch" }, "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "relates_to_product_reference": "5Server-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-4.3.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1145" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1145" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1145" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src", "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src", "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src", "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src", "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch", "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src", "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src", "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch", "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch", "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src", "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1146
Vulnerability from csaf_redhat
Published
2009-07-06 11:41
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update
Notes
Topic
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix
various issues are now available for Red Hat Enterprise Linux 4 as JBEAP
4.3.0.CP05.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Enterprise Application Platform is the market leading platform for
innovative and scalable Java applications; integrating the JBoss
Application Server, with JBoss Hibernate and JBoss Seam into a complete,
simple enterprise solution.
This release of JBEAP for Red Hat Enterprise Linux 4 serves as a
replacement to JBEAP 4.3.0.CP04.
These updated packages include bug fixes and enhancements which are
detailed in the release notes. The link to the release notes is available
below in the References section of this errata.
The following security issues are also fixed with this release:
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications deployed on JBossWeb when FORM-based authentication was used.
(CVE-2009-0580)
It was discovered that web applications containing their own XML parsers
could replace the XML parser JBossWeb uses to parse configuration files. A
malicious web application running on a JBossWeb instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same JBossWeb instance. (CVE-2009-0783)
Warning: before applying this update, please back up the JBEAP
"server/[configuration]/deploy/" directory, and any other customized
configuration files.
All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade
to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 4 as JBEAP\n4.3.0.CP05.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP04.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1146", "url": "https://access.redhat.com/errata/RHSA-2009:1146" }, { "category": "external", "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html", "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#important", "url": "http://www.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "499608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499608" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1146.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update", "tracking": { "current_release_date": "2024-11-22T03:26:00+00:00", "generator": { "date": "2024-11-22T03:26:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1146", "initial_release_date": "2009-07-06T11:41:00+00:00", "revision_history": [ { "date": "2009-07-06T11:41:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-06T07:41:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:26:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "product": { "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "product_id": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb-javadoc@2.1.4-1.11.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "product": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "product_id": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "product": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product_id": "jgroups-1:2.4.6-1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "product": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "product": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "product": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product": { "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product_id": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-native42@2.0.1-3.SP2_CP06.3.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=noarch" } } }, { "category": "product_version", "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product": { "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product": { "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product_id": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-5.GA_CP05.ep1.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product": { "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_id": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP05-bin@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product": { "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_id": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-client@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "product": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "product_id": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "product": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jgroups-1:2.4.6-1.ep1.el4.src", "product": { "name": "jgroups-1:2.4.6-1.ep1.el4.src", "product_id": "jgroups-1:2.4.6-1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "product": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "product": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=src" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "product": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "product": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=src" } } }, { "category": "product_version", "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=src" } } }, { "category": "product_version", "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "product": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=src" } } }, { "category": "product_version", "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "product": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.el4?arch=src" } } }, { "category": "product_version", "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "product": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.ep1.el4?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch" }, "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch" }, "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", "product_id": "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "relates_to_product_reference": "4AS-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src" }, "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch" }, "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src" }, "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src" }, "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch" }, "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src" }, "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch" }, "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src" }, "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch" }, "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch" }, "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src" }, "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch" }, "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src" }, "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src" }, "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src" }, "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src" }, "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src" }, "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src" }, "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch" }, "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src" }, "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch" }, "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src" }, "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src" }, "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src" }, "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src" }, "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src" }, "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch" }, "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src" }, "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src" }, "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src" }, "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch" }, "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-4.3.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", "product_id": "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" }, "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "relates_to_product_reference": "4ES-JBEAP-4.3.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1146" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1146" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-06T11:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1146" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src", "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src", "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src", "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src", "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch", "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src", "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src", "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch", "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src", "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch", "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1562
Vulnerability from csaf_redhat
Published
2009-11-09 15:26
Modified
2024-11-22 03:26
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)
Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: With this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
A cross-site scripting (XSS) flaw was found in the examples calendar
application. With some web browsers, remote attackers could use this flaw
to inject arbitrary web script or HTML via the "time" parameter.
(CVE-2009-0781)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar\napplication. With some web browsers, remote attackers could use this flaw\nto inject arbitrary web script or HTML via the \"time\" parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1562", "url": "https://access.redhat.com/errata/RHSA-2009:1562" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "489028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1562.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T03:26:10+00:00", "generator": { "date": "2024-11-22T03:26:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1562", "initial_release_date": "2009-11-09T15:26:00+00:00", "revision_history": [ { "date": "2009-11-09T15:26:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-11-09T10:26:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:26:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Server v2 4AS", "product": { "name": "Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4ES", "product": { "name": "Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4WS", "product": { "name": "Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } } ], "category": "product_family", "name": "Red Hat Application Server" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.16?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4WS-RHAPS2" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0781", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2009-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "489028" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: XSS in Apache Tomcat calendar application", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0781" }, { "category": "external", "summary": "RHBZ#489028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0781", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781" } ], "release_date": "2009-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: XSS in Apache Tomcat calendar application" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-11-09T15:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1562" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
rhsa-2009_1164
Vulnerability from csaf_redhat
Published
2009-07-21 20:50
Modified
2024-11-22 03:25
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)
Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: with this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:
org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false
It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)
A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)
It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)
A cross-site scripting (XSS) flaw was found in the examples calendar
application. With some web browsers, remote attackers could use this flaw
to inject arbitrary web script or HTML via the "time" parameter.
(CVE-2009-0781)
It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: with this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar\napplication. With some web browsers, remote attackers could use this flaw\nto inject arbitrary web script or HTML via the \"time\" parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1164", "url": "https://access.redhat.com/errata/RHSA-2009:1164" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "489028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1164.json" } ], "title": "Red Hat Security Advisory: tomcat security update", "tracking": { "current_release_date": "2024-11-22T03:25:40+00:00", "generator": { "date": "2024-11-22T03:25:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1164", "initial_release_date": "2009-07-21T20:50:00+00:00", "revision_history": [ { "date": "2009-07-21T20:50:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-21T16:56:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:25:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=i386" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ppc64" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-0781", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2009-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "489028" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: XSS in Apache Tomcat calendar application", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0781" }, { "category": "external", "summary": "RHBZ#489028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0781", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781" } ], "release_date": "2009-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: XSS in Apache Tomcat calendar application" }, { "cve": "CVE-2009-0783", "discovery_date": "2009-06-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504153" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XML parser information disclosure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0783" }, { "category": "external", "summary": "RHBZ#504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" } ], "release_date": "2009-06-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-21T20:50:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1164" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XML parser information disclosure" } ] }
gsd-2009-0783
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2009-0783", "description": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "id": "GSD-2009-0783", "references": [ "https://www.suse.com/security/cve/CVE-2009-0783.html", "https://www.debian.org/security/2011/dsa-2207", "https://access.redhat.com/errata/RHSA-2009:1617", "https://access.redhat.com/errata/RHSA-2009:1616", "https://access.redhat.com/errata/RHSA-2009:1563", "https://access.redhat.com/errata/RHSA-2009:1562", "https://access.redhat.com/errata/RHSA-2009:1506", "https://access.redhat.com/errata/RHSA-2009:1454", "https://access.redhat.com/errata/RHSA-2009:1164", "https://access.redhat.com/errata/RHSA-2009:1146", "https://access.redhat.com/errata/RHSA-2009:1145", "https://access.redhat.com/errata/RHSA-2009:1144", "https://access.redhat.com/errata/RHSA-2009:1143", "https://linux.oracle.com/cve/CVE-2009-0783.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-0783" ], "details": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "id": "GSD-2009-0783", "modified": "2023-12-13T01:19:44.240529Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-0783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "refsource": "MISC", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2", "refsource": "MISC", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "http://secunia.com/advisories/35685", "refsource": "MISC", "url": "http://secunia.com/advisories/35685" }, { "name": "http://secunia.com/advisories/35788", "refsource": "MISC", "url": "http://secunia.com/advisories/35788" }, { "name": "http://secunia.com/advisories/37460", "refsource": "MISC", "url": "http://secunia.com/advisories/37460" }, { "name": "http://secunia.com/advisories/42368", "refsource": "MISC", "url": "http://secunia.com/advisories/42368" }, { "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1", "refsource": "MISC", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "MISC", "url": "http://support.apple.com/kb/HT4077" }, { "name": "http://tomcat.apache.org/security-4.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-4.html" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "MISC", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://www.debian.org/security/2011/dsa-2207", "refsource": "MISC", "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176", "refsource": "MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "MISC", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "http://www.vupen.com/english/advisories/2009/1856", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "name": "http://www.vupen.com/english/advisories/2009/3316", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "http://www.vupen.com/english/advisories/2010/3056", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2010/3056" }, { "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "refsource": "MISC", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "name": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev" }, { "name": "http://www.securityfocus.com/archive/1/504090/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" }, { "name": "http://www.securityfocus.com/bid/35416", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/35416" }, { "name": "http://www.securitytracker.com/id?1022336", "refsource": "MISC", "url": "http://www.securitytracker.com/id?1022336" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "refsource": "MISC", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "refsource": "MISC", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[4.1.0,4.1.39],[5.5.0,5.5.27],[6.0.0,6.0.18]", "affected_versions": "All versions starting from 4.1.0 up to 4.1.39, all versions starting from 5.5.0 up to 5.5.27, all versions starting from 6.0.0 up to 6.0.18", "cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-200", "CWE-937" ], "date": "2022-06-17", "description": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "fixed_versions": [ "6.0.20" ], "identifier": "CVE-2009-0783", "identifiers": [ "GHSA-hhjg-g8xq-hhr3", "CVE-2009-0783" ], "not_impacted": "All versions before 4.1.0, all versions after 4.1.39 before 5.5.0, all versions after 5.5.27 before 6.0.0, all versions after 6.0.18", "package_slug": "maven/org.apache.tomcat/tomcat", "pubdate": "2022-05-02", "solution": "Upgrade to version 6.0.20 or above.", "title": "Exposure of Sensitive Information to an Unauthorized Actor", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2009-0783", "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195", "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450", "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2", "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2", "http://support.apple.com/kb/HT4077", "http://svn.apache.org/viewvc?rev=652592\u0026view=rev", "http://svn.apache.org/viewvc?rev=681156\u0026view=rev", "http://svn.apache.org/viewvc?rev=739522\u0026view=rev", "http://svn.apache.org/viewvc?rev=781542\u0026view=rev", "http://svn.apache.org/viewvc?rev=781708\u0026view=rev", "http://tomcat.apache.org/security-4.html", "http://tomcat.apache.org/security-5.html", "http://tomcat.apache.org/security-6.html", "http://www.debian.org/security/2011/dsa-2207", "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "https://github.com/advisories/GHSA-hhjg-g8xq-hhr3" ], "uuid": "4c6bf839-5a01-44af-b6d2-e8f745d226a8" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.39", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5.27", "versionStartIncluding": "5.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0.18", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-0783" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://tomcat.apache.org/security-4.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tomcat.apache.org/security-4.html" }, { "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "refsource": "CONFIRM", "tags": [ "Issue Tracking" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "name": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev" }, { "name": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev" }, { "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Patch" ], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "name": "1022336", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1022336" }, { "name": "35416", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35416" }, { "name": "MDVSA-2009:138", "refsource": "MANDRIVA", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "name": "MDVSA-2009:136", "refsource": "MANDRIVA", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "name": "SUSE-SR:2009:012", "refsource": "SUSE", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "263529", "refsource": "SUNALERT", "tags": [ "Third Party Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "name": "ADV-2009-1856", "refsource": "VUPEN", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "name": "35685", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "name": "35788", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35788" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "FEDORA-2009-11356", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "name": "FEDORA-2009-11352", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "name": "FEDORA-2009-11374", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "name": "37460", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37460" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "MDVSA-2010:176", "refsource": "MANDRIVA", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "HPSBUX02579", "refsource": "HP", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "name": "42368", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42368" }, { "name": "ADV-2010-3056", "refsource": "VUPEN", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3056" }, { "name": "DSA-2207", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "HPSBUX02860", "refsource": "HP", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "HPSBMA02535", "refsource": "HP", "tags": [ "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "tomcat-xml-information-disclosure(51195)", "refsource": "XF", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "name": "oval:org.mitre.oval:def:6450", "refsource": "OVAL", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" }, { "name": "oval:org.mitre.oval:def:18913", "refsource": "OVAL", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "name": "oval:org.mitre.oval:def:10716", "refsource": "OVAL", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "refsource": "BUGTRAQ", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" }, { "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.4 } }, "lastModifiedDate": "2023-02-13T01:17Z", "publishedDate": "2009-06-05T16:00Z" } } }
ghsa-hhjg-g8xq-hhr3
Vulnerability from github
Published
2022-05-02 03:18
Modified
2022-06-17 22:00
Severity ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Details
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "4.1.0" }, { "last_affected": "4.1.39" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "5.5.0" }, { "last_affected": "5.5.27" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 6.0.18" }, "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.20" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2009-0783" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": true, "github_reviewed_at": "2022-06-17T22:00:02Z", "nvd_published_at": "2009-06-05T16:00:00Z", "severity": "MODERATE" }, "details": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.", "id": "GHSA-hhjg-g8xq-hhr3", "modified": "2022-06-17T22:00:02Z", "published": "2022-05-02T03:18:15Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933" }, { "type": "WEB", "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/35685" }, { "type": "WEB", "url": "http://secunia.com/advisories/35788" }, { "type": "WEB", "url": "http://secunia.com/advisories/37460" }, { "type": "WEB", "url": "http://secunia.com/advisories/42368" }, { "type": "WEB", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4077" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=652592\u0026view=rev" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=681156\u0026view=rev" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=739522\u0026view=rev" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=781542\u0026view=rev" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=781708\u0026view=rev" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-4.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-5.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2011/dsa-2207" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/35416" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1022336" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/1856" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/3056" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ], "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.