rhsa-2020_1520
Vulnerability from csaf_redhat
Published
2020-04-21 11:07
Modified
2024-11-22 14:25
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release

Notes

Topic
Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) * tomcat: local privilege escalation (CVE-2019-12418) * tomcat: session fixation (CVE-2019-17563) * tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2019-17569) * tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this release as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.3 serves as a replacement for Red Hat JBoss Web Server 5.2, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)\n* tomcat: local privilege escalation (CVE-2019-12418)\n* tomcat: session fixation (CVE-2019-17563)\n* tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2019-17569)\n* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1520",
        "url": "https://access.redhat.com/errata/RHSA-2020:1520"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1785699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
      },
      {
        "category": "external",
        "summary": "1785711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
      },
      {
        "category": "external",
        "summary": "1806398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
      },
      {
        "category": "external",
        "summary": "1806835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
      },
      {
        "category": "external",
        "summary": "1806849",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
      },
      {
        "category": "external",
        "summary": "JWS-1419",
        "url": "https://issues.redhat.com/browse/JWS-1419"
      },
      {
        "category": "external",
        "summary": "JWS-1463",
        "url": "https://issues.redhat.com/browse/JWS-1463"
      },
      {
        "category": "external",
        "summary": "JWS-1465",
        "url": "https://issues.redhat.com/browse/JWS-1465"
      },
      {
        "category": "external",
        "summary": "JWS-1478",
        "url": "https://issues.redhat.com/browse/JWS-1478"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1520.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release",
    "tracking": {
      "current_release_date": "2024-11-22T14:25:46+00:00",
      "generator": {
        "date": "2024-11-22T14:25:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2020:1520",
      "initial_release_date": "2020-04-21T11:07:53+00:00",
      "revision_history": [
        {
          "date": "2020-04-21T11:07:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-21T11:07:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T14:25:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
                  "product_id": "7Server-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
                  "product_id": "6Server-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 5.3 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss Web Server 5.3 for RHEL 8",
                  "product_id": "8Base-JWS-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el7jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el6jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el8jws?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el8jws?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el7jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el6jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el8jws?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el8jws?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el7jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el6jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                "product": {
                  "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_id": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.30-3.redhat_4.1.el8jws?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_id": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.23-4.redhat_4.el6jws?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                "product": {
                  "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_id": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.23-4.redhat_4.el6jws?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 6 Server",
          "product_id": "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
        "relates_to_product_reference": "6Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 7 Server",
          "product_id": "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
        "relates_to_product_reference": "7Server-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src"
        },
        "product_reference": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64"
        },
        "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.3 for RHEL 8",
          "product_id": "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        },
        "product_reference": "jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
        "relates_to_product_reference": "8Base-JWS-5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12418",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785699"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of tomcat as shipped with Red Hat Enterprise Linux 5, as they did not include JMX Remote Lifecycle Listener, which was introduced in a later version of the package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785699",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-12418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12418"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49",
          "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        }
      ],
      "release_date": "2019-11-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Disable JMX Remote if monitoring is only needed locally and there is no need to monitor Tomcat remotely. If JMX Remote is required and cannot be disabled, then use the built-in remote JMX facilities provided by the JVM.\nPlease note that JMX Remote Lifecycle Listener is now deprecated and may be removed from both Tomcat 7 [1] and Tomcat 9 [2] after 2020-12-31.\n\n[1] https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Deprecated_Implementations\n[2] https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Deprecated_Implementations",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: local privilege escalation"
    },
    {
      "cve": "CVE-2019-17563",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that tomcat\u0027s FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\n\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17563"
        },
        {
          "category": "external",
          "summary": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E",
          "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E"
        },
        {
          "category": "external",
          "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30",
          "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        }
      ],
      "release_date": "2019-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Session fixation when using FORM authentication"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2019-17569",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806849"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw did not affect the versions of Tomcat as shipped with Red Enterprise Linux 5, 6, 7 and 8, as they did not include the vulnerable code, which was introduced in a later version of the package.\n\nOpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806849",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806849"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17569"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "@ZeddYu"
          ],
          "organization": "Apache Tomcat Security Team"
        }
      ],
      "cve": "CVE-2020-1935",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2019-12-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806835"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806835",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        }
      ],
      "release_date": "2020-02-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
    },
    {
      "cve": "CVE-2020-1938",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1806398"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
          "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
          "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
          "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
          "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
          "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
          "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
          "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
          "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "RHBZ#1806398",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
        },
        {
          "category": "external",
          "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
          "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
          "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
          "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
        },
        {
          "category": "external",
          "summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
          "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        },
        {
          "category": "external",
          "summary": "https://www.cnvd.org.cn/webinfo/show/5415",
          "url": "https://www.cnvd.org.cn/webinfo/show/5415"
        },
        {
          "category": "external",
          "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
          "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-21T11:07:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1520"
        },
        {
          "category": "workaround",
          "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
          "product_ids": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.src",
            "6Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.i686",
            "6Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el6jws.x86_64",
            "6Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "6Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el6jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.src",
            "7Server-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el7jws.x86_64",
            "7Server-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "7Server-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el7jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-admin-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-docs-webapp-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-el-3.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-javadoc-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-jsp-2.3-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-lib-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.src",
            "8Base-JWS-5.3:jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-native-debuginfo-0:1.2.23-4.redhat_4.el8jws.x86_64",
            "8Base-JWS-5.3:jws5-tomcat-selinux-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-servlet-4.0-api-0:9.0.30-3.redhat_4.1.el8jws.noarch",
            "8Base-JWS-5.3:jws5-tomcat-webapps-0:9.0.30-3.redhat_4.1.el8jws.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.