Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
557 vulnerabilities found for Tomcat by Apache
VAR-201405-0542
Vulnerability from variot - Updated: 2026-03-09 22:50java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Data Grid 6.3.0 update Advisory ID: RHSA-2014:0895-01 Product: Red Hat JBoss Data Grid Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0895.html Issue date: 2014-07-16 CVE Names: CVE-2014-0058 CVE-2014-0059 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 =====================================================================
- Summary:
Red Hat JBoss Data Grid 6.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Description:
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.
This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes. The Release Notes will be available shortly from https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/
This update also fixes the following security issues:
It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)
It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)
It was found that the security audit functionality, provided by Red Hat JBoss Data Grid, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials. Refer to the Solution section of this advisory for additional information on the fix for this issue. (CVE-2014-0058)
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. (CVE-2014-0059)
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. (CVE-2014-0119)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.
All users of Red Hat JBoss Data Grid 6.2.1 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.0.
- Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss Data Grid installation.
The provided patch to fix CVE-2014-0058 also allows greater control over which of the following components of web requests are captured in audit logs:
-
- parameters
-
- cookies
-
- headers
-
- attributes
It is also possible to selectively mask some elements of headers, parameters, cookies, and attributes using masks. This capability is provided by two system properties, which are introduced by this patch:
1) org.jboss.security.web.audit
Description: This property controls the granularity of the security auditing of web requests.
Possible values: off = Disables auditing of web requests headers = Audits only the headers of web requests cookies = Audits only the cookies of web requests parameters = Audits only the parameters of web requests attributes = Audits only the attributes of web requests headers,cookies,parameters = Audits the headers, cookies, and parameters of web requests headers,cookies = Audits the headers and cookies of web requests
Default Value: headers, parameters
Examples: Setting "org.jboss.security.web.audit=off" disables security auditing of web requests entirely. Setting "org.jboss.security.web.audit=headers" enables security auditing of only headers in web requests.
2) org.jboss.security.web.audit.mask
Description: This property can be used to specify a list of strings to be matched against headers, parameters, cookies, and attributes of web requests. Any element matching the specified masks will be excluded from security audit logging.
Possible values: Any comma separated string indicating keys of headers, parameters, cookies, and attributes.
Default Value: j_password, authorization
Note that currently the matching of the masks is fuzzy rather than strict. For example, a mask of "authorization" will mask both the header called authorization and the parameter called "custom_authorization". A future release may introduce strict masks.
- Bugs fixed (https://bugzilla.redhat.com/):
1063641 - CVE-2014-0058 Red Hat JBoss EAP6: Plain text password logging during security audit 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0058.html https://www.redhat.com/security/data/cve/CVE-2014-0059.html https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://www.redhat.com/security/data/cve/CVE-2014-0119.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTxsOWXlSAg2UNWIIRAnvFAJ9oo6SpbAMA5fFfcl87bkcnKma7jQCeOY3U BKYtD4zlGceUuD+E3C1i3vE= =swqj -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. The JBoss server process must be restarted for the update to take effect. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Also, back up any customized Red Hat JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- ============================================================================ Ubuntu Security Notice USN-2302-1 July 30, 2014
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. (CVE-2014-0075)
It was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096)
It was discovered that Tomcat incorrectly handled certain Content-Length headers. (CVE-2014-0099)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.1
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.5
Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.16
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/
Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0
Problem Description:
Updated tomcat packages fix security vulnerabilities:
Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286).
Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).
In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0148.html http://advisories.mageia.org/MGASA-2014-0268.html http://advisories.mageia.org/MGASA-2015-0081.html
Updated Packages:
Mandriva Business Server 1/X86_64: dce2bd5077a8e201da2a52717f3ef3a4 mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm 7908cc5facecb5c65c976cdff41b1d7c mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm 21d8b843398fa256f05b1ad8464b6787 mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm 27218eccc1ba454ef1cafea51976475a mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm cc0f94bb899c3a82ecb1daa0cccd40b9 mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm 60c451802ce55df14445d2a560f544f8 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm d7598284719161790f2617b715dbe444 mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm 90279c92333646b38010bcf54f488e4a mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm e8b29b53c91bee0b3ffdd224c6b00038 mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm a648279678ad5c804e8f7f9145ec794c mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm f0cb2c5e57edc0c4f7cda66d393165fb mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm cdaa6216b605cc23635cdeb4f77d32f9 mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
For the oldstable distribution (wheezy), these problems have been fixed in version 6.0.45+dfsg-1~deb7u1
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle enterprise data quality 9.0.11"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "rational lifecycle integration adapter",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for hp alm 1.0 to 1.1"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"_id": null,
"model": "communications policy management",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "12.1.1 and earlier"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "i"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "7.x"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "8.x"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.4"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "i advanced"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle enterprise data quality 8.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "6.0.39"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "NVD",
"id": "CVE-2014-0096"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:ibm_urbancode_release",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_policy_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "127480"
},
{
"db": "PACKETSTORM",
"id": "127337"
},
{
"db": "PACKETSTORM",
"id": "131227"
},
{
"db": "PACKETSTORM",
"id": "127367"
},
{
"db": "PACKETSTORM",
"id": "127336"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0096",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0096",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0096",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-587",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "NVD",
"id": "CVE-2014-0096"
}
]
},
"description": {
"_id": null,
"data": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Data Grid 6.3.0 update\nAdvisory ID: RHSA-2014:0895-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0895.html\nIssue date: 2014-07-16\nCVE Names: CVE-2014-0058 CVE-2014-0059 CVE-2014-0075 \n CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Data Grid 6.3.0, which fixes multiple security issues,\nvarious bugs, and adds enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Description:\n\nRed Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan. \n\nThis release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.2.1. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the security audit functionality, provided by Red Hat\nJBoss Data Grid, logged request parameters in plain text. This may have\ncaused passwords to be included in the audit log files when using BASIC or\nFORM-based authentication. A local attacker with access to audit log files\ncould possibly use this flaw to obtain application or server authentication\ncredentials. Refer to the Solution section of this advisory for additional\ninformation on the fix for this issue. (CVE-2014-0058)\n\nIt was found that the security auditing functionality provided by PicketBox\nand JBossSX, both security frameworks for Java applications, used a\nworld-readable audit.log file to record sensitive information. A local user\ncould possibly use this flaw to gain access to the sensitive information in\nthe audit.log file. (CVE-2014-0059)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity. \n\nAll users of Red Hat JBoss Data Grid 6.2.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.0. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Data Grid installation. \n\nThe provided patch to fix CVE-2014-0058 also allows greater control over\nwhich of the following components of web requests are captured in audit\nlogs:\n\n- - parameters\n- - cookies\n- - headers\n- - attributes\n\nIt is also possible to selectively mask some elements of headers,\nparameters, cookies, and attributes using masks. This capability is\nprovided by two system properties, which are introduced by this patch:\n\n1) org.jboss.security.web.audit\n\nDescription:\nThis property controls the granularity of the security auditing of web\nrequests. \n\nPossible values:\noff = Disables auditing of web requests\nheaders = Audits only the headers of web requests\ncookies = Audits only the cookies of web requests\nparameters = Audits only the parameters of web requests\nattributes = Audits only the attributes of web requests\nheaders,cookies,parameters = Audits the headers, cookies, and parameters of\nweb requests\nheaders,cookies = Audits the headers and cookies of web requests\n\nDefault Value:\nheaders, parameters\n\nExamples:\nSetting \"org.jboss.security.web.audit=off\" disables security auditing of\nweb requests entirely. \nSetting \"org.jboss.security.web.audit=headers\" enables security auditing of\nonly headers in web requests. \n\n2) org.jboss.security.web.audit.mask\n\nDescription:\nThis property can be used to specify a list of strings to be matched\nagainst headers, parameters, cookies, and attributes of web requests. \nAny element matching the specified masks will be excluded from security\naudit logging. \n\nPossible values:\nAny comma separated string indicating keys of headers, parameters, cookies,\nand attributes. \n\nDefault Value:\nj_password, authorization\n\nNote that currently the matching of the masks is fuzzy rather than strict. \nFor example, a mask of \"authorization\" will mask both the header called\nauthorization and the parameter called \"custom_authorization\". A future\nrelease may introduce strict masks. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1063641 - CVE-2014-0058 Red Hat JBoss EAP6: Plain text password logging during security audit\n1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0058.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0059.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0075.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0096.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0099.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0119.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTxsOWXlSAg2UNWIIRAnvFAJ9oo6SpbAMA5fFfcl87bkcnKma7jQCeOY3U\nBKYtD4zlGceUuD+E3C1i3vE=\n=swqj\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JBoss Data Virtualization makes data\nspread across physically distinct systems-such as multiple databases, XML\nfiles, and even Hadoop systems-appear as a set of tables in a local\ndatabase. It includes various bug fixes, which are listed in\nthe README file included with the patch files. \n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. ============================================================================\nUbuntu Security Notice USN-2302-1\nJuly 30, 2014\n\ntomcat6, tomcat7 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nDavid Jorm discovered that Tomcat incorrectly handled certain requests\nsubmitted using chunked transfer encoding. (CVE-2014-0075)\n\nIt was discovered that Tomcat did not properly restrict XSLT stylesheets. (CVE-2014-0096)\n\nIt was discovered that Tomcat incorrectly handled certain Content-Length\nheaders. \n(CVE-2014-0099)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.1\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.5\n\nUbuntu 10.04 LTS:\n libtomcat6-java 6.0.24-2ubuntu1.16\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:052\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date : March 3, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat packages fix security vulnerabilities:\n \n Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP\n connector is used, does not properly handle certain inconsistent HTTP\n request headers, which allows remote attackers to trigger incorrect\n identification of a request\u0026#039;s length and conduct request-smuggling\n attacks via (1) multiple Content-Length headers or (2) a Content-Length\n header and a Transfer-Encoding: chunked header (CVE-2013-4286). \n \n Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding\n without properly handling (1) a large total amount of chunked data or\n (2) whitespace characters in an HTTP header value within a trailer\n field, which allows remote attackers to cause a denial of service by\n streaming data (CVE-2013-4322). \n \n In Apache Tomcat 7.x before 7.0.55, it was possible to craft a\n malformed chunk as part of a chunked request that caused Tomcat to\n read part of the request body as a new request (CVE-2014-0227). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227\n http://advisories.mageia.org/MGASA-2014-0148.html\n http://advisories.mageia.org/MGASA-2014-0268.html\n http://advisories.mageia.org/MGASA-2015-0081.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n dce2bd5077a8e201da2a52717f3ef3a4 mbs1/x86_64/tomcat-7.0.59-1.mbs1.noarch.rpm\n 7908cc5facecb5c65c976cdff41b1d7c mbs1/x86_64/tomcat-admin-webapps-7.0.59-1.mbs1.noarch.rpm\n 21d8b843398fa256f05b1ad8464b6787 mbs1/x86_64/tomcat-docs-webapp-7.0.59-1.mbs1.noarch.rpm\n 27218eccc1ba454ef1cafea51976475a mbs1/x86_64/tomcat-el-2.2-api-7.0.59-1.mbs1.noarch.rpm\n cc0f94bb899c3a82ecb1daa0cccd40b9 mbs1/x86_64/tomcat-javadoc-7.0.59-1.mbs1.noarch.rpm\n 60c451802ce55df14445d2a560f544f8 mbs1/x86_64/tomcat-jsp-2.2-api-7.0.59-1.mbs1.noarch.rpm\n d7598284719161790f2617b715dbe444 mbs1/x86_64/tomcat-jsvc-7.0.59-1.mbs1.noarch.rpm\n 90279c92333646b38010bcf54f488e4a mbs1/x86_64/tomcat-lib-7.0.59-1.mbs1.noarch.rpm\n e8b29b53c91bee0b3ffdd224c6b00038 mbs1/x86_64/tomcat-log4j-7.0.59-1.mbs1.noarch.rpm\n a648279678ad5c804e8f7f9145ec794c mbs1/x86_64/tomcat-servlet-3.0-api-7.0.59-1.mbs1.noarch.rpm\n f0cb2c5e57edc0c4f7cda66d393165fb mbs1/x86_64/tomcat-webapps-7.0.59-1.mbs1.noarch.rpm \n cdaa6216b605cc23635cdeb4f77d32f9 mbs1/SRPMS/tomcat-7.0.59-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS\nNzlDtJatpPDeZdZ4nlO1fgg=\n=NWBY\n-----END PGP SIGNATURE-----\n. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0096"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "PACKETSTORM",
"id": "127480"
},
{
"db": "PACKETSTORM",
"id": "127337"
},
{
"db": "PACKETSTORM",
"id": "131227"
},
{
"db": "PACKETSTORM",
"id": "127367"
},
{
"db": "PACKETSTORM",
"id": "127681"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "136437"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0096",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "59678",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59616",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59835",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59849",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59121",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59732",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59873",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60729",
"trust": 1.6
},
{
"db": "BID",
"id": "67667",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1030301",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-587",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "127480",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131227",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127367",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136437",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "127480"
},
{
"db": "PACKETSTORM",
"id": "127337"
},
{
"db": "PACKETSTORM",
"id": "131227"
},
{
"db": "PACKETSTORM",
"id": "127367"
},
{
"db": "PACKETSTORM",
"id": "127681"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "136437"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "NVD",
"id": "CVE-2014-0096"
}
]
},
"id": "VAR-201405-0542",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2026-03-09T22:50:51.290000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apache Tomcat 6.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Apache Tomcat 7.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"title": "Apache Tomcat 8.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"title": "Revision 1578611",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
},
{
"title": "Revision 1585853",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
},
{
"title": "Revision 1578610",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
},
{
"title": "Revision 1578637",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
},
{
"title": "Revision 1578655",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
},
{
"title": "HS15-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html"
},
{
"title": "1678231",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"title": "1681528",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"title": "7010166",
"trust": 0.8,
"url": "http://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"title": "ELSA-2014-0865",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "RHSA-2015:0234",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"title": "RHSA-2015:0235",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0235.html"
},
{
"title": "RHSA-2015:0675",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"title": "RHSA-2015:0720",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"title": "RHSA-2015:0765",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"title": "CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "VMSA-2014-0012",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"title": "HS15-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "NVD",
"id": "CVE-2014-0096"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1030301"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60729"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59121"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59732"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/may/135"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59678"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59835"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59616"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
},
{
"trust": 1.6,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/67667"
},
{
"trust": 1.6,
"url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.6,
"url": "http://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59873"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3552"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59849"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0096"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0075.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0096.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0099.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid\u0026downloadtype=distributions"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0895.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_grid/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0059.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0058.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0058"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0059"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0836.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-4002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=securitypatches\u0026version=6.0.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-5855"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0099"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0075"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2012-6153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3530"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0843.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2302-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.16"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0148.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0081.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0833.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "127480"
},
{
"db": "PACKETSTORM",
"id": "127337"
},
{
"db": "PACKETSTORM",
"id": "131227"
},
{
"db": "PACKETSTORM",
"id": "127367"
},
{
"db": "PACKETSTORM",
"id": "127681"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "136437"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
},
{
"db": "NVD",
"id": "CVE-2014-0096"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "PACKETSTORM",
"id": "127480",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127337",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "131227",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127367",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127681",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130617",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127336",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136437",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201405-587",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002700",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0096",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-07-16T22:26:09",
"db": "PACKETSTORM",
"id": "127480",
"ident": null
},
{
"date": "2014-07-03T23:00:46",
"db": "PACKETSTORM",
"id": "127337",
"ident": null
},
{
"date": "2015-04-01T00:39:42",
"db": "PACKETSTORM",
"id": "131227",
"ident": null
},
{
"date": "2014-07-07T20:28:43",
"db": "PACKETSTORM",
"id": "127367",
"ident": null
},
{
"date": "2014-07-30T22:53:18",
"db": "PACKETSTORM",
"id": "127681",
"ident": null
},
{
"date": "2015-03-03T16:54:21",
"db": "PACKETSTORM",
"id": "130617",
"ident": null
},
{
"date": "2014-07-03T23:00:39",
"db": "PACKETSTORM",
"id": "127336",
"ident": null
},
{
"date": "2016-03-26T13:13:00",
"db": "PACKETSTORM",
"id": "136437",
"ident": null
},
{
"date": "2014-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-587",
"ident": null
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002700",
"ident": null
},
{
"date": "2014-05-31T11:17:13.233000",
"db": "NVD",
"id": "CVE-2014-0096",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-587",
"ident": null
},
{
"date": "2016-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002700",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0096",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "127337"
},
{
"db": "PACKETSTORM",
"id": "127367"
},
{
"db": "PACKETSTORM",
"id": "127681"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
}
],
"trust": 1.1
},
"title": {
"_id": null,
"data": "Apache Tomcat Vulnerability that could bypass the security manager limitation in the default servlet",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002700"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-587"
}
],
"trust": 0.6
}
}
VAR-200703-0007
Vulnerability from variot - Updated: 2026-03-09 22:49Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using apache proxy modules like mod_proxy, mod_rewrite or mod_jk.
Workaround
There is no known workaround at this time.
Resolution
All Tomcat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22"
References
[ 1 ] CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Cohesion Application Configuration Manager 4.5
Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms: Windows
Status and Recommendation: CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search &searchID=RO04648
How to determine if you are affected:
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975 40 Solution Document Reference APARs: RO04648 CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Reported By: n/a CVE References: CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090 CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510 CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835 CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195 CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858 CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128 *Note: the issue was not completely fixed by Tomcat maintainers. OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- .
Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).
Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).
Tomcat did not properly handle the " character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).
A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
Updated Packages:
Mandriva Linux 2007.1: 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2008.0: 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1 QKCxPSeNSXZPdPEE6c2TDyk= =z6UT -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Summary:
Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases:
VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.
JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices. Solution:
Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.
VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5
ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "5.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"_id": null,
"model": "interscan messaging security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 7.x"
},
{
"_id": null,
"model": "trendmicro interscan messaging security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 7.x"
},
{
"_id": null,
"model": "trendmicro interscan web security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 3.x"
},
{
"_id": null,
"model": "trendmicro interscan web security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 2.x"
},
{
"_id": null,
"model": "trendmicro interscan web security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 3.x"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 ~ v2.1"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.x/v5.x"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "win32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.0"
},
{
"_id": null,
"model": "virtualcenter management server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"_id": null,
"model": "linux enterprise server sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"_id": null,
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"_id": null,
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"_id": null,
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux hardware certification",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux clustering server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux cluster-storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.0"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.2"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.1"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.0"
},
{
"_id": null,
"model": "hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3)4.2"
},
{
"_id": null,
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "associates cohesion application configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "associates cohesion application configuration manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.23"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
}
]
},
"credits": {
"_id": null,
"data": "David Matscheko",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0450",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0450",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2007-0450",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-400",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-0450",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. \nVersions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using\napache proxy modules like mod_proxy, mod_rewrite or mod_jk. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Tomcat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-5.5.22\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200705-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. \n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n vulnerable. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 *\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. \n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450). \n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382). \n \n Tomcat did not properly handle the \" character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385). \n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.1:\n 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1\nQKCxPSeNSXZPdPEE6c2TDyk=\n=z6UT\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Summary:\n\n Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n VirtualCenter Management Server 2\n ESX Server 3.0.2 without patch ESX-1002434\n ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n these issues. \n\n JRE Security Update\n This release of VirtualCenter Server updates the JRE package from\n 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n the earlier release of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-3004 to this issue. \n\n Security best practices provided by VMware recommend that the\n service console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n VMware VirtualCenter 2.0.2 Update 2 Release Notes\n http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n VirtualCenter CD image\n md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n VirtualCenter as Zip\n md5sum 3b42ec350121659e10352ca2d76e212b\n\n ESX Server 3.0.2\n http://kb.vmware.com/kb/1002434\n md5sum: 2f52251f6ace3d50934344ef313539d5\n\n ESX Server 3.0.1\n http://kb.vmware.com/kb/1003176\n md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0450"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29739",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-0450"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-0450",
"trust": 3.3
},
{
"db": "BID",
"id": "22960",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "24732",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "28365",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30899",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25106",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26235",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30908",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27037",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26660",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33668",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25280",
"trust": 1.7
},
{
"db": "SREASON",
"id": "2446",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1979",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3386",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2732",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0233",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0975",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3087",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0065",
"trust": 1.7
},
{
"db": "BID",
"id": "25159",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "XF",
"id": "32988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29739",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-0450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "56411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59939",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62402",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"id": "VAR-200703-0007",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T22:49:17.916000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 6.0.10",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Fixed in Apache Tomcat 4.1.36",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "Fixed in Apache Tomcat 5.5.22, 5.0.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html"
},
{
"title": "tomcat4 (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168"
},
{
"title": "NV09-001",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-001.html"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html"
},
{
"title": "239312",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"title": "imss_70_lx32_en_sp1_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_lx32_en_sp1_patch2_readme.txt"
},
{
"title": "readme_imss70_lin_sp1_patch1_b3356",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_sp1_patch1_b3356.txt"
},
{
"title": "imss_70_win32_en_sp1_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_win32_en_sp1_patch2_readme.txt"
},
{
"title": "readme_imss70_sol_sp1_patch1_b81460",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_sp1_patch1_b81460_r2.txt"
},
{
"title": "iwss_31_lx32_en_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_lx32_en_patch2_readme.txt"
},
{
"title": "interstage_as_200702",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200702.html"
},
{
"title": "2064149",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064149"
},
{
"title": "2064436",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064436"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html"
},
{
"title": "VMware Security Advisories: Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=0fde1d7289a7f706413e4e8620446740"
},
{
"title": "Capstone-Red-vs-Blue-CySec-Report",
"trust": 0.1,
"url": "https://github.com/ActualSalt/Capstone-Red-vs-Blue-CySec-Report "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/22960"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24732"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/25159"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-206.htm"
},
{
"trust": 2.0,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
},
{
"trust": 1.7,
"url": "http://www.sec-consult.com/287.html"
},
{
"trust": 1.7,
"url": "http://www.sec-consult.com/fileadmin/advisories/20070314-0-apache_tomcat_directory_traversal.txt"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25106"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25280"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26235"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26660"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27037"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2446"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:241"
},
{
"trust": 1.7,
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28365"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30908"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30899"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33668"
},
{
"trust": 1.7,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/0975"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3087"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3386"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1979/references"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0065"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10643"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2007/0975"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/32988"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0450"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "/archive/1/500412"
},
{
"trust": 0.3,
"url": "/archive/1/481830"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45f7f67f.8050403@sec-consult.com"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://github.com/actualsalt/capstone-red-vs-blue-cysec-report"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/29739/"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/security/advisories/vmsa-2008-0002.html"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/softwaredepot/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1003176"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1002434"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"db": "BID",
"id": "22960",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "56411",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "74289",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "59939",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "61679",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62402",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2007-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"date": "2007-03-14T00:00:00",
"db": "BID",
"id": "22960",
"ident": null
},
{
"date": "2007-05-03T07:01:34",
"db": "PACKETSTORM",
"id": "56411",
"ident": null
},
{
"date": "2009-01-27T23:27:39",
"db": "PACKETSTORM",
"id": "74289",
"ident": null
},
{
"date": "2007-10-10T05:27:27",
"db": "PACKETSTORM",
"id": "59939",
"ident": null
},
{
"date": "2007-12-11T01:29:29",
"db": "PACKETSTORM",
"id": "61679",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"date": "2008-01-08T16:58:51",
"db": "PACKETSTORM",
"id": "62402",
"ident": null
},
{
"date": "2006-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"date": "2007-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"date": "2007-03-16T22:19:00",
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2019-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"date": "2010-08-05T20:45:00",
"db": "BID",
"id": "22960",
"ident": null
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"date": "2010-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
}
}
VAR-200808-0011
Vulnerability from variot - Updated: 2026-03-09 22:13Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2370: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Mitigation: 6.0.x users should upgrade to 6.0.18 5.5.x users should obtain the latest source from svn or apply this patch which will be included from 5.5.27 http://svn.apache.org/viewvc?rev=680949&view=rev 4.1.x users should obtain the latest source from svn or apply this patch which will be included from 4.1.38 http://svn.apache.org/viewvc?rev=680950&view=rev
Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml
Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
Server 2.0 any affected, patch pending
Server 1.0 any not affected
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2 *
-
vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b. Update Apache Tomcat version to 6.0.20
Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
ACE any Windows not affected
Server 2.x any affected, patch pending Server 1.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
A cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutil updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. References
Tomcat release notes tomcat.apache.org/security-5.html
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "2.0.2"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.0 to 4.1.37 version"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.0 to 5.5.26 version"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 to 6.0.16 version"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.x"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.5"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(sparc)"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"_id": null,
"model": "hp xp p9000 performance advisor software",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "5.4.1"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systems wikid server",
"scope": "eq",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.4"
},
{
"_id": null,
"model": "virtualcenter 2.5.update build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "31"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.55"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.52"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.51"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.25"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.24"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.23"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.22"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.21"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0.1"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "red hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.1"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform .cp03",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "developer suite as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "application server ws4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server es4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20080"
},
{
"_id": null,
"model": "zenworks linux management",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "7.3"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "xp p9000 performance advisor",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.4.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.9"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1"
},
{
"_id": null,
"model": "ode",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"_id": null,
"model": "ode",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "systems wikid server",
"scope": "ne",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.5"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.56"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.01"
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform .cp04",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "xp p9000 performance advisor",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.38"
},
{
"_id": null,
"model": "ode",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:esx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:vcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:virtualcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
}
]
},
"credits": {
"_id": null,
"data": "\u0026#65279;Stefano Di Paola",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
},
"cve": "CVE-2008-2370",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2370",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2370",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2008-2370",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-030",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-2370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"description": {
"_id": null,
"data": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. \nThe following versions are affected:\nTomcat 4.1.0 through 4.1.37\nTomcat 5.5.0 through 5.5.26\nTomcat 6.0.0 through 6.0.16\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\n\nSeverity: Important\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nTomcat 4.1.0 to 4.1.37\nTomcat 5.5.0 to 5.5.26\nTomcat 6.0.0 to 6.0.16\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\n\nDescription:\nWhen using a RequestDispatcher the target path was normalised before the\nquery string was removed. A request that included a specially crafted\nrequest parameter could be used to access content that would otherwise be\nprotected by a security constraint or by locating it in under the WEB-INF\ndirectory. \n\nMitigation:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 5.5.27\nhttp://svn.apache.org/viewvc?rev=680949\u0026view=rev\n4.1.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 4.1.38\nhttp://svn.apache.org/viewvc?rev=680950\u0026view=rev\n\nExample:\nFor a page that contains:\n\u003c%\npageContext.forward(\"/page2.jsp?somepar=someval\u0026par=\"+request.getParameter(\"blah\"));\n%\u003e\nan attacker can use:\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\n\nCredit:\nThis issue was discovered by \ufeffStefano Di Paola of Minded Security Research\nLabs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- -----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. Update Apache Tomcat version to 6.0.20\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. \n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. \n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. References\n\n Tomcat release notes\n tomcat.apache.org/security-5.html\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n\n- - ------------------------------------------------------------------------\n6. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n A traversal vulnerability was found when the \u0027allowLinking\u0027 and\n \u0027URIencoding\u0027 settings were actived which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2370"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "PACKETSTORM",
"id": "38390"
}
],
"trust": 3.51
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32137",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2370"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2008-2370",
"trust": 3.6
},
{
"db": "BID",
"id": "30494",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31381",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "31379",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1020623",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "33797",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31639",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "36249",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37460",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31982",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32120",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35393",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32266",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33999",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31865",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "57126",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31891",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34013",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-1535",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0503",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2823",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3316",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0320",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-2215",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2305",
"trust": 1.7
},
{
"db": "BID",
"id": "31681",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4099",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "XF",
"id": "44156",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "32137",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-2370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70055",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75161",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125436",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38390",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"id": "VAR-200808-0011",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T22:13:56.022000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 5.5.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "Fixed in Apache Tomcat 6.0.18",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Fixed in Apache Tomcat 4.1.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "APPLE-SA-2008-10-09 Security Update 2008-007",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT3216"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT3216"
},
{
"title": "tomcat5-5.5.23-0jpp.7.1.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156"
},
{
"title": "ASA-2008-401",
"trust": 0.8,
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"title": "HPSBUX02401 SSRT090005",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939"
},
{
"title": "HPSBST02955 SSRT101157",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415"
},
{
"title": "1381",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1381"
},
{
"title": "NV09-012",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-012.html"
},
{
"title": "RHSA-2008:0648",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html"
},
{
"title": "RHSA-2008:0862",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0862.html"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"title": "251986",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1"
},
{
"title": "VMSA-2009-0002",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"title": "VMSA-2009-0016",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"title": "interstage_as_200902",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory"
},
{
"title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory"
},
{
"title": "VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=73a787a1c84c97013ffa2f87f6d2e4ba"
},
{
"title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/30494"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1020623"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31379"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31381"
},
{
"trust": 2.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31639"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31891"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31865"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4099"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31982"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33797"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32120"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32266"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33999"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34013"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35393"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36249"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37460"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/57126"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2305"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/44156"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000068.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html"
},
{
"trust": 0.3,
"url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1"
},
{
"trust": 0.3,
"url": "http://download.novell.com/download?buildid=n5vszfht1vs"
},
{
"trust": 0.3,
"url": "/archive/1/495022"
},
{
"trust": 0.3,
"url": "/archive/1/507985"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7006398"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.2,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.2,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.2,
"url": "http://www.hp.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2008:0877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/32137/"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security.html"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/viewvc?rev=680949\u0026view=rev"
},
{
"trust": 0.1,
"url": "http://host/page.jsp?blah=/../web-inf/web.xml"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/viewvc?rev=680950\u0026view=rev"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014842"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/lifecycle/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com"
},
{
"trust": 0.1,
"url": "https://sourceforge.net/project/showfiles.php?group_id=144774"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com/downloads/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/download.do?downloadgroup=vc250u4"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2008-2370",
"ident": null
},
{
"db": "BID",
"id": "30494",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "68743",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "74633",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82837",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "70055",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125556",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "75161",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69700",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125436",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2008-2370",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2008-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2370",
"ident": null
},
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30494",
"ident": null
},
{
"date": "2008-08-01T20:26:42",
"db": "PACKETSTORM",
"id": "68743",
"ident": null
},
{
"date": "2009-02-04T18:45:10",
"db": "PACKETSTORM",
"id": "74633",
"ident": null
},
{
"date": "2009-11-20T22:21:26",
"db": "PACKETSTORM",
"id": "82837",
"ident": null
},
{
"date": "2008-09-17T15:13:40",
"db": "PACKETSTORM",
"id": "70055",
"ident": null
},
{
"date": "2014-03-06T02:39:08",
"db": "PACKETSTORM",
"id": "125556",
"ident": null
},
{
"date": "2009-02-25T00:58:34",
"db": "PACKETSTORM",
"id": "75161",
"ident": null
},
{
"date": "2008-09-06T00:23:13",
"db": "PACKETSTORM",
"id": "69700",
"ident": null
},
{
"date": "2014-02-26T22:39:24",
"db": "PACKETSTORM",
"id": "125436",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-030",
"ident": null
},
{
"date": "2008-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001606",
"ident": null
},
{
"date": "2008-08-04T01:41:00",
"db": "NVD",
"id": "CVE-2008-2370",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2370",
"ident": null
},
{
"date": "2015-05-07T17:17:00",
"db": "BID",
"id": "30494",
"ident": null
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-030",
"ident": null
},
{
"date": "2015-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001606",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2370",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
}
}
VAR-200808-0154
Vulnerability from variot - Updated: 2026-03-09 21:51Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple Java runtime implementations are prone to a vulnerability because the applications fail to sufficiently sanitize user-supplied input. Exploiting this issue in Apache Tomcat will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Other attacks may also be possible. Exploiting this issue in other applications will depend on the individual application. Successful exploits may result in a bypass of intended security filters. This may have various security impacts. We will update this BID pending further investigation. UPDATE (December, 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available. UPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH XCe08aGCzEZj/q4n91JQnhq6 =XImF -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2
Severity: Important
Vendor: Multiple (was The Apache Software Foundation)
Versions Affected: Various
Description (new information): This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM.
It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.
Unfortunately, the release of fixed JVMs and associated vulnerability disclosure has not been co-ordinated. There has been some confusion within the user community as to the nature and root cause of CVE-2008-2938.
Mitigation: Contact your JVM vendor for further information. Tomcat users may upgrade as follows to a Tomcat version that contains a workaround: 6.0.x users should upgrade to 6.0.18 5.5.x users should upgrade to 5.5.27 4.1.x users should upgrade to 4.1.39
Credit: This additional information was discovered by the Apache security team. This release updates Tomcat to 5.5.27 which patches several security vulnerabilities.
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor.
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . In these configurations arbitrary files in the docBase for an application, including files such as web.xml, may be disclosed.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Secure Network - Security Research Advisory
Vuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities Systems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL: http://www.toutvirtual.com Author(s): Alberto Trivero (a.trivero@securenetwork.it) Claudio Criscione (c.criscione@securenetwork.it) Vendor disclosure: 02/07/2009 Vendor acknowledged: 16/07/2009 Vendor patch release: notified us on 06/11/2009 Public disclosure: 07/11/2009 Advisory number: SN-2009-02 Advisory URL: http://www.securenetwork.it/advisories/sn-2009-02.txt
*** SUMMARY ***
ToutVirtual's VirtualIQ Pro is specifically designed for IT administrators responsible for managing virtual platforms. VirtualIQ Pro provides Visibility, Analytics and policy-based Optimization - all from one single console. VirtualIQ Pro is hypervisor-agnostic supporting both Type I and Type II hypervisors. VirtualIQ Pro can be used to visualize, analyze and optimize your choice of virtualization platform - Citrix, Microsoft, Novell, Oracle and/or VMware.
Multiple vulnerabilities has been found which a allow an attacker to conduct various XSS and CSRF attack, and other attacks due to the use of an old an not hardened version of the web server.
*** VULNERABILITY DETAILS ***
(a) Cross-site scripting (XSS)
Due to an improper sanitization of user's input, multiple XSS attacks (reflective and stored) are possible. Reflective PoCs:
http://server:9080/tvserver/server/user/setPermissions.jsp?userId=1">alert(1)&resultResourceIds=111-222-1933email@address.tst
http://server:9080/tvserver/server/user/addDepartment.jsp?addNewDept=0&deptName=%22;alert(1);//&deptId=1&deptDesc=asd
http://server:9080/tvserver/server/inventory/inventoryTabs.jsp?ID=1;alert(1);//
http://server:9080/tvserver/reports/virtualIQAdminReports.do?command=getFilter&reportName=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
Stored XSS attacks can be triggered in the "Middle Name" parameter in the "Edit Profile" page with an HTTP request like the following:
POST /tvserver/user/user.do?command=save&userId=1 HTTP/1.1 Host: server:9080 Cookies: JSESSIONID=[...]
userName=IQMANAGER&firstName=IQ&middleName=asd'; alert(document.cookie);//&lastName=MANAGER&email=user%40domain.it&password=*&retypePassword=*&redirect=null&passwordModifed=false&isReportUser=false&roleId=1&supervisorId=1&departmentId=1&locationId=1
(b) Cross-site request forgery (CSRF)
An attacker can perform different types of CSRF attacks against a logged user. He can, for example, shutdown, start or restart an arbitrary virtual machine, schedule new activities and so on.
The following HTTP request, if forged by the attacker and executed by the victim while logged on VirtualIQ, creates an arbitrary user:
POST /tvserver/user/user.do?command=save&userId= HTTP/1.1 Host: server:9080 Cookie: JSESSIONID=[...]
userName=asd1&firstName=asd2&middleName=asd3&lastName=asd4&email=asd5%40asd.com&password=asd6&retypePassword=asd6&redirect=null&passwordModifed=false&isReportUser=false&roleId=1&supervisorId=1&departmentId=1&locationId=1
(c) Web server vulnerabilities
VirtualIQ runs on top of an old version of Apache Tomcat: 5.5.9, for which multiple public vulnerabilities have been released. As a PoC, a directory traversal attack (CVE-2008-2938) can be performed as:
http://server:9080/tvserver/server/%C0%AE%C0%AE/WEB-INF/web.xml
Listing of an arbitrary directory (CVE-2006-3835) can also be obtained with the following PoC:
http://192.168.229.85:9080/tvserver/server/;index.jsp
(d) Information Leakage
Tomcat status page should be disabled or restricted, being accessible at:
http://status:9080/status
Username and password to access a VM through SSH are also available in clear text in the configuration page. Since an XSS vulnerability can also be triggered in the same page, an attacker would also be able to easily capture the full credentials to access the VM with a specially crafted XSS payload.
*** FIX INFORMATION ***
Upgrade to the latest version, at the moment 3.5 build 10.14.2009
*** WORKAROUNDS ***
--
*** LEGAL NOTICES ***
Secure Network (www.securenetwork.it) is an information security company, which provides consulting and training services, and engages in security research and development.
We are committed to open, full disclosure of vulnerabilities, cooperating whenever possible with software developers for properly handling disclosure.
This advisory is copyright 2009 Secure Network S.r.l. Permission is hereby granted for the redistribution of this alert, provided that it is not altered except by reformatting it, and that due credit is given. It may not be edited in any way without the express consent of Secure Network S.r.l. Permission is explicitly given for insertion in vulnerability databases and similars, provided that due credit is given to Secure Network. This information is provided as-is, as a free service to the community by Secure Network research staff. There are no warranties with regard to this information. Secure Network does not accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
If you have any comments or inquiries, or any issue with what is reported in this advisory, please inform us as soon as possible.
E-mail: securenetwork@securenetwork.it GPG/PGP key: http://www.securenetwork.it/pgpkeys/Secure%20Network.asc Phone: +39 02 24 12 67 88
-- Claudio Criscione
Secure Network S.r.l. Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia Tel: +39 02.24126788 Mob: +39 392 3389178 email: c.criscione@securenetwork.it web: www.securenetwork.it
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "5.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "4.0.0"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache tomcat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.0 to 4.1.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.0 to 5.5.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 to 6.0.16"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.5"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "systems wikid server",
"scope": "eq",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.4"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre 10-b03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0.1"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "red hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.1"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform .cp03",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "developer suite as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "application server ws4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server es4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.1.0"
},
{
"_id": null,
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "1.6"
},
{
"_id": null,
"model": "zenworks linux management",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "7.3"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.10"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.9"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1"
},
{
"_id": null,
"model": "harmony m8",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "harmony m7",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "systems wikid server",
"scope": "ne",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.5"
},
{
"_id": null,
"model": "jboss enterprise application platform .cp04",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.39"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#343355"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "30633"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "NVD",
"id": "CVE-2008-2938"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
}
]
},
"credits": {
"_id": null,
"data": "Simon Ryeo\u203b bar4mi@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
}
],
"trust": 0.6
},
"cve": "CVE-2008-2938",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2008-2938",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2938",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#343355",
"trust": 0.8,
"value": "7.14"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2008-2938",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-165",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-2938",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#343355"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2938"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "NVD",
"id": "CVE-2008-2938"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple Java runtime implementations are prone to a vulnerability because the applications fail to sufficiently sanitize user-supplied input. \nExploiting this issue in Apache Tomcat will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Other attacks may also be possible. \nExploiting this issue in other applications will depend on the individual application. Successful exploits may result in a bypass of intended security filters. This may have various security impacts. We will update this BID pending further investigation. \nUPDATE (December, 18, 2008): Reports indicate that this issue may affect additional, unspecified Java Virtual Machine (JVM) implementations distributed by Sun, HP, IBM, Apple, and Apache. We will update this BID as more information becomes available. \nUPDATE (January 9, 2009): This BID previously documented an issue in Apache Tomcat. Further reports indicate that the underlying issue is in various Java runtime implementations. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH\nXCe08aGCzEZj/q4n91JQnhq6\n=XImF\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2\n\nSeverity: Important\n\nVendor:\nMultiple (was The Apache Software Foundation)\n\nVersions Affected:\nVarious\n\nDescription (new information):\nThis vulnerability was originally reported to the Apache Software Foundation as\na Tomcat vulnerability. Investigations quickly identified that the root cause\nwas an issue with the UTF-8 charset implementation within the JVM. \n\nIt was decided to continue to report this as a Tomcat vulnerability until such\ntime as the JVM vendors had released fixed versions. \n\nUnfortunately, the release of fixed JVMs and associated vulnerability disclosure\nhas not been co-ordinated. There has been some confusion within the user\ncommunity as to the nature and root cause of CVE-2008-2938. \n\nMitigation:\nContact your JVM vendor for further information. \nTomcat users may upgrade as follows to a Tomcat version that contains a workaround:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should upgrade to 5.5.27\n4.1.x users should upgrade to 4.1.39\n\nCredit:\nThis additional information was discovered by the Apache security\nteam. This release updates Tomcat to 5.5.27\nwhich patches several security vulnerabilities. \n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. In these\nconfigurations arbitrary files in the docBase for an application,\nincluding files such as web.xml, may be disclosed. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Secure Network - Security Research Advisory\n\nVuln name: ToutVirtual VirtualIQ Pro Multiple Vulnerabilities\nSystems affected: ToutVirtual VirtualIQ Professional 3.2 build 7882\nSystems not affected: --\nSeverity: High\nLocal/Remote: Remote\nVendor URL: http://www.toutvirtual.com\nAuthor(s): Alberto Trivero (a.trivero@securenetwork.it) \nClaudio Criscione (c.criscione@securenetwork.it)\nVendor disclosure: 02/07/2009\nVendor acknowledged: 16/07/2009\nVendor patch release: notified us on 06/11/2009\nPublic disclosure: 07/11/2009\nAdvisory number: SN-2009-02\nAdvisory URL: http://www.securenetwork.it/advisories/sn-2009-02.txt\n\n\n*** SUMMARY ***\n\nToutVirtual\u0027s VirtualIQ Pro is specifically designed for IT administrators \nresponsible for managing virtual platforms. VirtualIQ Pro provides\n Visibility, Analytics and policy-based Optimization - all from one single\nconsole. VirtualIQ Pro is hypervisor-agnostic supporting both Type I and Type \nII hypervisors. VirtualIQ Pro can be used to visualize, analyze and \noptimize your choice of virtualization platform - Citrix, Microsoft,\nNovell, Oracle and/or VMware. \n\nMultiple vulnerabilities has been found which a allow an attacker to conduct \nvarious XSS and CSRF attack, and other attacks due to the use \nof an old an not hardened version of the web server. \n\n\n*** VULNERABILITY DETAILS ***\n\n(a) Cross-site scripting (XSS)\n\nDue to an improper sanitization of user\u0027s input, multiple XSS attacks \n(reflective and stored) are possible. \nReflective PoCs:\n\nhttp://server:9080/tvserver/server/user/setPermissions.jsp?userId=1\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0026amp;resultResourceIds=111-222-1933email@address.tst \n\nhttp://server:9080/tvserver/server/user/addDepartment.jsp?addNewDept=0\u0026amp;deptName=%22;alert(1);//\u0026amp;deptId=1\u0026amp;deptDesc=asd\n\nhttp://server:9080/tvserver/server/inventory/inventoryTabs.jsp?ID=1;alert(1);//\n\nhttp://server:9080/tvserver/reports/virtualIQAdminReports.do?command=getFilter\u0026amp;reportName=%22%3E%3Cscript%3Ealert(1)%3C/script%3E\n\nStored XSS attacks can be triggered in the \"Middle Name\" parameter in the \n\"Edit Profile\" page with an HTTP request like the following:\n\nPOST /tvserver/user/user.do?command=save\u0026userId=1 HTTP/1.1\nHost: server:9080\nCookies: JSESSIONID=[...]\n\nuserName=IQMANAGER\u0026firstName=IQ\u0026middleName=asd\u0027; \nalert(document.cookie);//\u0026lastName=MANAGER\u0026email=user%40domain.it\u0026password=********\u0026retypePassword=********\u0026redirect=null\u0026passwordModifed=false\u0026isReportUser=false\u0026roleId=1\u0026supervisorId=1\u0026departmentId=1\u0026locationId=1\n\n\n(b) Cross-site request forgery (CSRF)\n\nAn attacker can perform different types of CSRF attacks against a logged user. \nHe can, for example, shutdown, start or restart an arbitrary\nvirtual machine, schedule new activities and so on. \n\nThe following HTTP request, if forged by the attacker and executed by the \nvictim while logged on VirtualIQ, creates an arbitrary user:\n\nPOST /tvserver/user/user.do?command=save\u0026userId= HTTP/1.1\nHost: server:9080\nCookie: JSESSIONID=[...]\n\nuserName=asd1\u0026firstName=asd2\u0026middleName=asd3\u0026lastName=asd4\u0026email=asd5%40asd.com\u0026password=asd6\u0026retypePassword=asd6\u0026redirect=null\u0026passwordModifed=false\u0026isReportUser=false\u0026roleId=1\u0026supervisorId=1\u0026departmentId=1\u0026locationId=1\n\n\n(c) Web server vulnerabilities\n\nVirtualIQ runs on top of an old version of Apache Tomcat: 5.5.9, for which \nmultiple public vulnerabilities have been released. As a \nPoC, a directory traversal attack (CVE-2008-2938) \ncan be performed as:\n\nhttp://server:9080/tvserver/server/%C0%AE%C0%AE/WEB-INF/web.xml\n\nListing of an arbitrary directory (CVE-2006-3835) can also be obtained with \nthe following PoC:\n\nhttp://192.168.229.85:9080/tvserver/server/;index.jsp\n\n\n(d) Information Leakage\n\nTomcat status page should be disabled or restricted, being accessible at:\n\nhttp://status:9080/status\n\nUsername and password to access a VM through SSH are also available in clear \ntext in the configuration page. \nSince an XSS vulnerability can also be triggered in the same page, an attacker \nwould also be able to easily capture the full credentials to access \nthe VM with a specially crafted XSS payload. \n\n\n*** FIX INFORMATION ***\n\nUpgrade to the latest version, at the moment 3.5 build 10.14.2009\n\n*** WORKAROUNDS ***\n\n--\n\n\n*********************\n*** LEGAL NOTICES ***\n*********************\n\nSecure Network (www.securenetwork.it) is an information security company, \nwhich provides consulting and training services, and engages in security \nresearch and development. \n\nWe are committed to open, full disclosure of vulnerabilities, cooperating\nwhenever possible with software developers for properly handling disclosure. \n\nThis advisory is copyright 2009 Secure Network S.r.l. Permission is \nhereby granted for the redistribution of this alert, provided that it is\nnot altered except by reformatting it, and that due credit is given. It \nmay not be edited in any way without the express consent of Secure Network \nS.r.l. Permission is explicitly given for insertion in vulnerability \ndatabases and similars, provided that due credit is given to Secure Network. This information is\nprovided as-is, as a free service to the community by Secure Network \nresearch staff. There are no warranties with regard to this information. \nSecure Network does not accept any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\nIf you have any comments or inquiries, or any issue with what is reported \nin this advisory, please inform us as soon as possible. \n\nE-mail: securenetwork@securenetwork.it\nGPG/PGP key: http://www.securenetwork.it/pgpkeys/Secure%20Network.asc\nPhone: +39 02 24 12 67 88\n\n-- \nClaudio Criscione\n\nSecure Network S.r.l. \nVia Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia\nTel: +39 02.24126788 Mob: +39 392 3389178\nemail: c.criscione@securenetwork.it\nweb: www.securenetwork.it\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2938"
},
{
"db": "CERT/CC",
"id": "VU#343355"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "BID",
"id": "30633"
},
{
"db": "VULMON",
"id": "CVE-2008-2938"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "73193"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "69819"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "82649"
}
],
"trust": 4.05
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=6229",
"trust": 0.2,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2938"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2008-2938",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#343355",
"trust": 2.8
},
{
"db": "BID",
"id": "30633",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1020665",
"trust": 2.5
},
{
"db": "BID",
"id": "31681",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31639",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31891",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31982",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33797",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32120",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31865",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32266",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37297",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2343",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2823",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0320",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4148",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "6229",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "XF",
"id": "44411",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2008-2938",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "73193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70055",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82649",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#343355"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2938"
},
{
"db": "BID",
"id": "30633"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "73193"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "69819"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "82649"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "NVD",
"id": "CVE-2008-2938"
}
]
},
"id": "VAR-200808-0154",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T21:51:18.403000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 5.5.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "Fixed in Apache Tomcat 6.0.18",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Fixed in Apache Tomcat 4.1.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3216"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3216?viewlocale=ja_JP"
},
{
"title": "tomcat5-5.5.23-0jpp.7.1.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156"
},
{
"title": "HPSBUX02401",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939"
},
{
"title": "NV09-013",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-013.html"
},
{
"title": "RHSA-2008:0648",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"title": "interstage_as_201003",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201003.html"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory"
},
{
"title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory"
},
{
"title": "Offensive",
"trust": 0.1,
"url": "https://github.com/Naramsim/Offensive "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/CVEDB/PoC-List "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2938"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "NVD",
"id": "CVE-2008-2938"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/30633"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/343355"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31639"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020665"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31891"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31865"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4148"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31982"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33797"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32120"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32266"
},
{
"trust": 1.7,
"url": "http://www.securenetwork.it/ricerca/advisory/download/sn-2009-02.txt"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37297"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2343"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44411"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/6229"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10587"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/495318/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2343"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/44411"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2938"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id?1020665"
},
{
"trust": 0.6,
"url": "/archive/1/496168"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://java.sun.com/javase/6/webnotes/6u11.html"
},
{
"trust": 0.3,
"url": "http://harmony.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"trust": 0.3,
"url": "http://openjdk.java.net/"
},
{
"trust": 0.3,
"url": "msg://bugtraq/8ba534860901192056k63dc5e78j5555f5f09997eabf@mail.gmail.com"
},
{
"trust": 0.3,
"url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774"
},
{
"trust": 0.3,
"url": "http://download.novell.com/download?buildid=n5vszfht1vs"
},
{
"trust": 0.3,
"url": "/archive/1/495318"
},
{
"trust": 0.3,
"url": "/archive/1/499926"
},
{
"trust": 0.3,
"url": "msg://bugtraq/494a7e59.80909@apache.org"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201003e.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7006398"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
},
{
"trust": 0.3,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.2,
"url": "http://tomcat.apache.org/security.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2008:0877"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=16434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/naramsim/offensive"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/6229/"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com"
},
{
"trust": 0.1,
"url": "https://sourceforge.net/project/showfiles.php?group_id=144774"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com/downloads/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=681065"
},
{
"trust": 0.1,
"url": "http://www.target.com/contextpath/%c0%ae%c0%ae/web-inf/web.xml"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://server:9080/tvserver/server/inventory/inventorytabs.jsp?id=1;alert(1);//"
},
{
"trust": 0.1,
"url": "http://server:9080/tvserver/reports/virtualiqadminreports.do?command=getfilter\u0026amp;reportname=%22%3e%3cscript%3ealert(1)%3c/script%3e"
},
{
"trust": 0.1,
"url": "http://server:9080/tvserver/server/%c0%ae%c0%ae/web-inf/web.xml"
},
{
"trust": 0.1,
"url": "http://status:9080/status"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://www.securenetwork.it/pgpkeys/secure%20network.asc"
},
{
"trust": 0.1,
"url": "http://www.toutvirtual.com"
},
{
"trust": 0.1,
"url": "http://server:9080/tvserver/server/user/setpermissions.jsp?userid=1\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u0026amp;resultresourceids=111-222-1933email@address.tst"
},
{
"trust": 0.1,
"url": "http://192.168.229.85:9080/tvserver/server/;index.jsp"
},
{
"trust": 0.1,
"url": "http://server:9080/web-console/"
},
{
"trust": 0.1,
"url": "https://www.securenetwork.it)"
},
{
"trust": 0.1,
"url": "http://server:9080/tvserver/server/user/adddepartment.jsp?addnewdept=0\u0026amp;deptname=%22;alert(1);//\u0026amp;deptid=1\u0026amp;deptdesc=asd"
},
{
"trust": 0.1,
"url": "http://server:9080/jmx-console/"
},
{
"trust": 0.1,
"url": "http://www.securenetwork.it/advisories/sn-2009-02.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#343355"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2938"
},
{
"db": "BID",
"id": "30633"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "73193"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "69819"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "82649"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611"
},
{
"db": "NVD",
"id": "CVE-2008-2938"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#343355",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2008-2938",
"ident": null
},
{
"db": "BID",
"id": "30633",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "74633",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "73193",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "70055",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69700",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69819",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82649",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200808-165",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001611",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2008-2938",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2008-08-19T00:00:00",
"db": "CERT/CC",
"id": "VU#343355",
"ident": null
},
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2008-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2938",
"ident": null
},
{
"date": "2008-08-11T00:00:00",
"db": "BID",
"id": "30633",
"ident": null
},
{
"date": "2009-02-04T18:45:10",
"db": "PACKETSTORM",
"id": "74633",
"ident": null
},
{
"date": "2008-12-22T04:48:14",
"db": "PACKETSTORM",
"id": "73193",
"ident": null
},
{
"date": "2008-09-17T15:13:40",
"db": "PACKETSTORM",
"id": "70055",
"ident": null
},
{
"date": "2008-09-06T00:23:13",
"db": "PACKETSTORM",
"id": "69700",
"ident": null
},
{
"date": "2008-09-10T16:29:31",
"db": "PACKETSTORM",
"id": "69819",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"date": "2009-11-17T00:59:14",
"db": "PACKETSTORM",
"id": "82649",
"ident": null
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-165",
"ident": null
},
{
"date": "2008-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001611",
"ident": null
},
{
"date": "2008-08-13T00:41:00",
"db": "NVD",
"id": "CVE-2008-2938",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2008-08-19T00:00:00",
"db": "CERT/CC",
"id": "VU#343355",
"ident": null
},
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2938",
"ident": null
},
{
"date": "2015-04-13T22:13:00",
"db": "BID",
"id": "30633",
"ident": null
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-165",
"ident": null
},
{
"date": "2012-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001611",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2938",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Apache Tomcat UTF8 Directory Traversal Vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#343355"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-165"
}
],
"trust": 0.6
}
}
VAR-202302-1621
Vulnerability from variot - Updated: 2026-03-09 21:44Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update Advisory ID: RHSA-2023:4909-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2023:4909 Issue date: 2023-09-04 CVE Names: CVE-2022-24963 CVE-2023-24998 CVE-2023-28708 CVE-2023-28709 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
-
apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
-
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
-
tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
-
tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts 2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure 2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete
- Package List:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 8:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 9:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24963 https://access.redhat.com/security/cve/CVE-2023-24998 https://access.redhat.com/security/cve/CVE-2023-28708 https://access.redhat.com/security/cve/CVE-2023-28709 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+ Ag1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB f7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu AAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P CCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl 7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX Q2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI CBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT pwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe jyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ 3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib PKxvfGMcijaSUTJ0s70k =7k// -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
CVE-2023-24998
Denial of service.
CVE-2023-41080
Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to an URL of the attackers choice.
CVE-2023-42795
Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from the current request/response to the
next.
CVE-2023-44487
DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)
CVE-2023-45648
Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A
specially crafted, invalid trailer header could cause Tomcat to treat a
single request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
For the oldstable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u7.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU 0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+ JxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7 eKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s Es5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV WwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P 3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR Nh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2 dbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY A77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj e3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY= =6KYM -----END PGP SIGNATURE----- . Summary:
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Relevant releases/architectures:
OpenShift Developer Tools and Services for OCP 4.13 for RHEL 8 - noarch
- Description:
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
-
apache-commons-text: variable interpolation RCE (CVE-2022-42889)
-
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
-
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
-
kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
-
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
-
springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
-
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
-
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
-
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
-
jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
-
jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
-
Jenkins: Denial of Service attack (CVE-2023-27900)
-
Jenkins: Denial of Service attack (CVE-2023-27901)
-
Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
-
Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1856376 - CVE-2020-7692 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks 2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE 2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin 2170039 - CVE-2023-25761 jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin 2170041 - CVE-2023-25762 jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts 2177630 - CVE-2023-27902 Jenkins: Workspace temporary directories accessible through directory browser 2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents 2177638 - CVE-2023-27900 Jenkins: Denial of Service attack 2177646 - CVE-2023-27901 Jenkins: Denial of Service attack 2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
- JIRA issues fixed (https://issues.jboss.org/):
PITEAM-10 - Release 4.13 Jenkins agent image PITEAM-9 - Release 4.13 Jenkins image
-
Gentoo Linux Security Advisory GLSA 202305-37
https://security.gentoo.org/
Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: May 30, 2023 Bugs: #878911, #889596, #896370, #907387 ID: 202305-37
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"
References
[ 1 ] CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252 [ 2 ] CVE-2022-45143 https://nvd.nist.gov/vuln/detail/CVE-2022-45143 [ 3 ] CVE-2023-24998 https://nvd.nist.gov/vuln/detail/CVE-2023-24998 [ 4 ] CVE-2023-28709 https://nvd.nist.gov/vuln/detail/CVE-2023-28709
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
The purpose of this text-only errata is to inform you about the security issues fixed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1621",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"model": "commons fileupload",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.5"
},
{
"model": "commons fileupload",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "nec advanced analytics platform modeler",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/it desktop management 2 - smart device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "neoface monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "job management partner 1/it desktop management 2 - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tomcat",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "nec information assessment system",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "enterpriseidentitymanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "nec \u81ea\u52d5\u5fdc\u7b54",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "websam it process management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "commons fileupload",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "jp1/it desktop management 2 - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/it desktop management 2 - operations director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "esmpro/servermanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "job management partner 1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175549"
},
{
"db": "PACKETSTORM",
"id": "175724"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "172574"
},
{
"db": "PACKETSTORM",
"id": "172140"
}
],
"trust": 0.6
},
"cve": "CVE-2023-24998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-24998",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-24998",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-24998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-24998",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1610",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. \n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update\nAdvisory ID: RHSA-2023:4909-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:4909\nIssue date: 2023-09-04\nCVE Names: CVE-2022-24963 CVE-2023-24998 CVE-2023-28708\n CVE-2023-28709\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat\nEnterprise Linux versions 7, 8, and 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. \n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for\nRed Hat JBoss Web Server 5.7.3. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References section. \n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts\n(CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure\n(CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode\n2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts\n2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure\n2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete\n\n6. Package List:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 8:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 9:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24963\nhttps://access.redhat.com/security/cve/CVE-2023-24998\nhttps://access.redhat.com/security/cve/CVE-2023-28708\nhttps://access.redhat.com/security/cve/CVE-2023-28709\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+\nAg1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB\nf7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu\nAAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P\nCCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl\n7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX\nQ2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI\nCBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT\npwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe\njyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ\n3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib\nPKxvfGMcijaSUTJ0s70k\n=7k//\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2023-24998\n\n Denial of service. \n\nCVE-2023-41080\n\n Open redirect. If the ROOT (default) web application is configured to use\n FORM authentication then it is possible that a specially crafted URL could\n be used to trigger a redirect to an URL of the attackers choice. \n\nCVE-2023-42795\n\n Information Disclosure. When recycling various internal objects, including\n the request and the response, prior to re-use by the next request/response,\n an error could cause Tomcat to skip some parts of the recycling process\n leading to information leaking from the current request/response to the\n next. \n\nCVE-2023-44487\n\n DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)\n\nCVE-2023-45648\n\n Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A\n specially crafted, invalid trailer header could cause Tomcat to treat a\n single request as multiple requests leading to the possibility of request\n smuggling when behind a reverse proxy. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 9.0.43-2~deb11u7. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU\n0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+\nJxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7\neKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s\nEs5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV\nWwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P\n3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR\nNh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2\ndbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY\nA77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj\ne3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY=\n=6KYM\n-----END PGP SIGNATURE-----\n. Summary:\n\nAn update for jenkins and jenkins-2-plugins is now available for OpenShift\nDeveloper Tools and Services for OCP 4.13. Relevant releases/architectures:\n\nOpenShift Developer Tools and Services for OCP 4.13 for RHEL 8 - noarch\n\n3. Description:\n\nJenkins is a continuous integration server that monitors executions of\nrepeated jobs, such as building a software project or jobs run by cron. \n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for\nOAuth 2.0 for Native Apps can lead to improper authorization\n(CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script\nSecurity Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method\n(CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize\nJsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher\n(CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts\n(CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\n(CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in\nPipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory\nbrowser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to\nagents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1856376 - CVE-2020-7692 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization\n2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method\n2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher\n2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks\n2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks\n2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE\n2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\n2170039 - CVE-2023-25761 jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\n2170041 - CVE-2023-25762 jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\n2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts\n2177630 - CVE-2023-27902 Jenkins: Workspace temporary directories accessible through directory browser\n2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents\n2177638 - CVE-2023-27900 Jenkins: Denial of Service attack\n2177646 - CVE-2023-27901 Jenkins: Denial of Service attack\n2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nPITEAM-10 - Release 4.13 Jenkins agent image\nPITEAM-9 - Release 4.13 Jenkins image\n\n7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache Tomcat: Multiple Vulnerabilities\n Date: May 30, 2023\n Bugs: #878911, #889596, #896370, #907387\n ID: 202305-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich could result in denial of service. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Tomcat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-10.1.8\"\n\nReferences\n=========\n[ 1 ] CVE-2022-42252\n https://nvd.nist.gov/vuln/detail/CVE-2022-42252\n[ 2 ] CVE-2022-45143\n https://nvd.nist.gov/vuln/detail/CVE-2022-45143\n[ 3 ] CVE-2023-24998\n https://nvd.nist.gov/vuln/detail/CVE-2023-24998\n[ 4 ] CVE-2023-28709\n https://nvd.nist.gov/vuln/detail/CVE-2023-28709\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nThe purpose of this text-only errata is to inform you about the security\nissues fixed",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-24998"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"db": "PACKETSTORM",
"id": "175549"
},
{
"db": "PACKETSTORM",
"id": "175724"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "172574"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "172140"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-24998",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/05/22/1",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-15",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91253151",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.3457",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3098",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1629",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3839",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2979",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3113",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3425",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1590",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1527",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1085",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1468",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1610",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-24998",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174475",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174474",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172574",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172624",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172140",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"db": "PACKETSTORM",
"id": "175549"
},
{
"db": "PACKETSTORM",
"id": "175724"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "172574"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "172140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"id": "VAR-202302-1621",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22708334
},
"last_update_date": "2026-03-09T21:44:24.155000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2024-119",
"trust": 0.8,
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
},
{
"title": "Apache Commons FileUpload Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=227328"
},
{
"title": "Debian CVElist Bug Report Logs: libcommons-fileupload-java: CVE-2023-24998",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d5c27d5122389b2993bab30e55fe65cf"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2023-24998"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "Determination of boundary conditions (CWE-193) [ others ]",
"trust": 0.8
},
{
"problemtype": " Allocation of resources without limits or throttling (CWE-770) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24998"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24998"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28709"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20230302-0013/"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91253151/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2030"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1590"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1085"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3098"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3457"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1468"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3425"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3113"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3839"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1629"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-24998/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1526"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2979"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1527"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24963"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-28708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24963"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-28709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40151"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6570.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173874"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7065"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210321"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7065.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=5.7"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-45648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41080"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-42795"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25761"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27904"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42252"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2100"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38398"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37533"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-22602"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37533"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38398"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-20860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2023-q2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-33681"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-20863"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-20861"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38750"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"db": "PACKETSTORM",
"id": "175549"
},
{
"db": "PACKETSTORM",
"id": "175724"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "172574"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "172140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"db": "PACKETSTORM",
"id": "175549"
},
{
"db": "PACKETSTORM",
"id": "175724"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "172574"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "172140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"date": "2023-11-13T21:01:39",
"db": "PACKETSTORM",
"id": "175549"
},
{
"date": "2023-11-15T14:07:20",
"db": "PACKETSTORM",
"id": "175724"
},
{
"date": "2023-09-04T17:29:56",
"db": "PACKETSTORM",
"id": "174475"
},
{
"date": "2023-09-04T17:29:45",
"db": "PACKETSTORM",
"id": "174474"
},
{
"date": "2023-10-11T16:46:58",
"db": "PACKETSTORM",
"id": "175070"
},
{
"date": "2023-05-25T15:06:23",
"db": "PACKETSTORM",
"id": "172574"
},
{
"date": "2023-05-30T16:32:27",
"db": "PACKETSTORM",
"id": "172624"
},
{
"date": "2023-05-04T14:33:07",
"db": "PACKETSTORM",
"id": "172140"
},
{
"date": "2023-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"date": "2023-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"date": "2023-02-20T16:15:10.423000",
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2023-24998"
},
{
"date": "2023-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1610"
},
{
"date": "2024-05-29T07:11:00",
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"date": "2025-11-03T22:16:05.550000",
"db": "NVD",
"id": "CVE-2023-24998"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Tomcat\u00a0 of \u00a0Apache\u00a0Commons\u00a0FileUpload\u00a0 denial of service ( DoS ) vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1610"
}
],
"trust": 0.6
}
}
VAR-200507-0034
Vulnerability from variot - Updated: 2026-03-09 21:43Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling.". A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple vendors' products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Cohesion Application Configuration Manager 4.5
Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms: Windows
Status and Recommendation: CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search &searchID=RO04648
How to determine if you are affected:
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975 40 Solution Document Reference APARs: RO04648 CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Reported By: n/a CVE References: CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090 CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510 CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835 CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195 CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858 CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128 *Note: the issue was not completely fixed by Tomcat maintainers. OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15895
VERIFY ADVISORY: http://secunia.com/advisories/15895/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/
DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . Summary:
Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases:
VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.
JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices. Solution:
Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.
VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5
ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: - - Apache Tomcat 8.0.0-RC1 - - Apache Tomcat 7.0.0 to 7.0.42 - - Apache Tomcat 6.0.0 to 6.0.37
Description: The fix for CVE-2005-2090 was not complete. It did not cover the following cases: - - content-length header with chunked encoding over any HTTP connector - - multiple content-length headers over any AJP connector
Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other then their own. Tomcat now rejects requests with multiple content-length headers or with a content-length header when chunked encoding is being used.
Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Tomcat 8.0.0-RC3 or later (8.0.0-RC2 contains the fix but was not released) - - Upgrade to Apache Tomcat 7.0.47 or later (7.0.43 to 7.0.46 contain the fix but were not released) - - Upgrade to Apache Tomcat 6.0.39 or later (6.0.38 contains the fix but was not released)
Credit: This issue was identified by the Apache Tomcat security team while investigating an invalid report related to CVE-2005-2090
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "5.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.24"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.0.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.34"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.0.30"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.22"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "webotx application server",
"scope": "lt",
"trust": 0.8,
"vendor": "nec",
"version": "v7.11"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "coyote http connector",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.1"
},
{
"model": "coyote http connector",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.0"
},
{
"model": "virtualcenter management server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp1 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "one web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "one web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "one web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "one web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "suse linux open-xchange",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux openexchange server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux hardware certification",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.0"
},
{
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.2"
},
{
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.1"
},
{
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.0"
},
{
"model": "hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3)4.2"
},
{
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "oracle9i application server web cache",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "oracle9i application server web cache",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.2"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "zenworks linux management",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "7.3"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.9"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.8"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.10"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.11"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.10"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.6"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.5"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.4"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.3"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.2"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9.1"
},
{
"model": "delegate",
"scope": "eq",
"trust": 0.3,
"vendor": "delegate",
"version": "8.9"
},
{
"model": "associates unicenter service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates cohesion application configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
},
{
"model": "associates cmdb",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "systems weblogic server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "systems weblogic express sp",
"scope": "eq",
"trust": 0.3,
"vendor": "bea",
"version": "8.11"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.30"
},
{
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.19"
},
{
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.29"
},
{
"model": "associates cohesion application configuration manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "13873"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2005-2090",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-2090",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2005-2090",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-004",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\". A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Multiple vendors\u0027 products are prone to HTTP-request-smuggling issues. Attackers can piggyback an HTTP request inside of another HTTP request. By leveraging failures to implement the HTTP/1.1 RFC properly, attackers can launch cache-poisoning, cross-site scripting, session-hijacking, and other attacks. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. \n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n vulnerable. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 *\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 3.21. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. Summary:\n\n Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n VirtualCenter Management Server 2\n ESX Server 3.0.2 without patch ESX-1002434\n ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n these issues. \n\n JRE Security Update\n This release of VirtualCenter Server updates the JRE package from\n 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n the earlier release of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-3004 to this issue. \n\n Security best practices provided by VMware recommend that the\n service console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n VMware VirtualCenter 2.0.2 Update 2 Release Notes\n http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n VirtualCenter CD image\n md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n VirtualCenter as Zip\n md5sum 3b42ec350121659e10352ca2d76e212b\n\n ESX Server 3.0.2\n http://kb.vmware.com/kb/1002434\n md5sum: 2f52251f6ace3d50934344ef313539d5\n\n ESX Server 3.0.1\n http://kb.vmware.com/kb/1003176\n md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)\n\nSeverity: Important\n\nVendor: The Apache Software Foundation\n\nVersions Affected:\n- - Apache Tomcat 8.0.0-RC1\n- - Apache Tomcat 7.0.0 to 7.0.42\n- - Apache Tomcat 6.0.0 to 6.0.37\n\nDescription:\nThe fix for CVE-2005-2090 was not complete. It did not cover the\nfollowing cases:\n- - content-length header with chunked encoding over any HTTP connector\n- - multiple content-length headers over any AJP connector\n\nRequests with multiple content-length headers or with a content-length\nheader when chunked encoding is being used should be rejected as\ninvalid. When multiple components (firewalls, caches, proxies and\nTomcat) process a sequence of requests where one or more requests\ncontain either multiple content-length headers or a content-length\nheader when chunked encoding is being used and several components do not\nreject the request and make different decisions as to which\ncontent-length header to use an attacker can poison a web-cache, perform\nan XSS attack and obtain sensitive information from requests other then\ntheir own. Tomcat now rejects requests with multiple content-length\nheaders or with a content-length header when chunked encoding is being\nused. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Tomcat 8.0.0-RC3 or later\n (8.0.0-RC2 contains the fix but was not released)\n- - Upgrade to Apache Tomcat 7.0.47 or later\n (7.0.43 to 7.0.46 contain the fix but were not released)\n- - Upgrade to Apache Tomcat 6.0.39 or later\n (6.0.38 contains the fix but was not released)\n\nCredit:\nThis issue was identified by the Apache Tomcat security team while\ninvestigating an invalid report related to CVE-2005-2090",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2090"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "BID",
"id": "13873"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "PACKETSTORM",
"id": "125394"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2090",
"trust": 3.1
},
{
"db": "BID",
"id": "13873",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1014365",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "30908",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "26660",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "30899",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "29242",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "28365",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "26235",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "33668",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "27037",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2732",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-0233",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-0065",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-3087",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-3386",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-1979",
"trust": 1.6
},
{
"db": "BID",
"id": "25159",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "74289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59939",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62402",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125394",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "13873"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "PACKETSTORM",
"id": "125394"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"id": "VAR-200507-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2026-03-09T21:43:04.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 4.1.36",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "Fixed in Apache Tomcat 5.5.24, 5.0.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "Fixed in Apache Tomcat 6.0.11 ",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "HS08-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-003/index.html"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html"
},
{
"title": "tomcat4 (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168"
},
{
"title": "NV09-003",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-003.html"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html"
},
{
"title": "239312",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"title": "interstage_as_200703",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200703.html"
},
{
"title": "HS08-003",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security/vuls/HS08-003/index.html"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/13873"
},
{
"trust": 1.9,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-206.htm"
},
{
"trust": 1.9,
"url": "http://www.watchfire.com/resources/http-request-smuggling.pdf"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/lists/bugtraq/2005/jun/0025.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"trust": 1.6,
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"trust": 1.6,
"url": "http://www.securiteam.com/securityreviews/5gp0220g0u.html"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2008/1979/references"
},
{
"trust": 1.6,
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/33668"
},
{
"trust": 1.6,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/27037"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2008/0065"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/30899"
},
{
"trust": 1.6,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/26660"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28365"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10499"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/30908"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1014365"
},
{
"trust": 1.6,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2007/3386"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2007/3087"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/26235"
},
{
"trust": 1.6,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/25159"
},
{
"trust": 1.6,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/29242"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2090"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jul/1014365.html"
},
{
"trust": 0.6,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7006398"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/rfc/rfc2616.txt"
},
{
"trust": 0.3,
"url": "http://download.novell.com/download?buildid=n5vszfht1vs"
},
{
"trust": 0.3,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23/ca20090123-01-cohesion-tomcat-multiple-vulnerabilities.aspx"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3699/"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=66479"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/softwaredepot/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1003176"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1002434"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "13873"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "PACKETSTORM",
"id": "125394"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "13873"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "PACKETSTORM",
"id": "125394"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2005-06-06T00:00:00",
"db": "BID",
"id": "13873"
},
{
"date": "2009-01-27T23:27:39",
"db": "PACKETSTORM",
"id": "74289"
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38388"
},
{
"date": "2007-10-10T05:27:27",
"db": "PACKETSTORM",
"id": "59939"
},
{
"date": "2008-01-08T16:58:51",
"db": "PACKETSTORM",
"id": "62402"
},
{
"date": "2014-02-25T18:33:33",
"db": "PACKETSTORM",
"id": "125394"
},
{
"date": "2005-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"date": "2007-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"date": "2005-07-05T04:00:00",
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2015-03-19T08:16:00",
"db": "BID",
"id": "13873"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-004"
},
{
"date": "2009-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000866"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2005-2090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-004"
}
],
"trust": 0.6
}
}
VAR-201201-0259
Vulnerability from variot - Updated: 2026-03-09 21:42Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Multiple Hitachi COBOL2002 products have security vulnerabilities that allow attackers to take control of target user systems. No detailed vulnerability details are provided at this time. Apache Tomcat is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03716627
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03716627 Version: 1
HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-03-28 Last Updated: 2013-03-28
Potential Security Impact: Remote Denial of Service (DoS), access restriction bypass, unauthorized modification and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine 5.5.35.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2009-2693 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2009-2902 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-3548 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-1157 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-3718 (AV:L/AC:H/Au:N/C:N/I:P/A:N) 1.2 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0013 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-1184 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-2204 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9 CVE-2011-2526 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-2729 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3190 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0022 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. The updates are available for download from https://h20392.www2.hp.com/portal /swdepot/displayProductInfo.do?productNumber=HPUXWST553601
Servlet Version Depot Name
HP-UX Apache Tomcat Servlet Engine v5.5.36.01 HP-UX_11.23_HPUXWS22T-B5536-1123.depot
HP-UX_11.31_HPUXWS22T-B5536-1131.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.36.01 or subsequent
END AFFECTED VERSION
HISTORY Version:1 (rev.1) - 28 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:
JBoss Operations Network (JBoss ON) is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Release Notes will be available shortly from https://docs.redhat.com/docs/en-US/index.html
The following security issues are also fixed with this release:
JBoss ON did not properly verify security tokens, allowing an unapproved agent to connect as an approved agent. As a result, the attacker could retrieve sensitive data about the server the hijacked agent was running on, including JMX credentials. (CVE-2012-0052)
JBoss ON sometimes allowed agent registration to succeed when the registration request did not include a security token. This is a feature designed to add convenience. A remote attacker could use this flaw to spoof the identity of an approved agent and pass a null security token, allowing them to hijack the approved agent's session, and steal its security token. As a result, the attacker could retrieve sensitive data about the server the hijacked agent was running on, including JMX credentials. (CVE-2011-4858)
Multiple cross-site scripting (XSS) flaws were found in the JBoss ON administration interface. If a remote attacker could trick a user, who was logged into the JBoss ON administration interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's JBoss ON session. (CVE-2011-3206)
JBoss ON did not verify that a user had the proper modify resource permissions when they attempted to delete a plug-in configuration update from the group connection properties history. This could allow such a user to delete a plug-in configuration update from the audit trail. Note that a user without modify resource permissions cannot use this flaw to make configuration changes. HP Network Node Manager I (NNMi) v9.0X and v9.1X for HP-UX, Linux, Solaris, and Windows.
These hotfixes also apply to the following products and can be applied to all patch levels:
HP NNM iSPI for IP QA HP NNM iSPI for IP Telephony HP NNM SPI for IP Multicast HP NNM SPI for MPLS
NNMi Version Operating System Hotfix
9.00 HP-UX, Linux, Solaris, and Windows. HF-NNMi-9.0xP5-JBoss-20130417
9.10 HP-UX, Linux, Solaris, and Windows. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm
i386: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm
x86_64: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm
i386: tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm
x86_64: tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm
Red Hat Enterprise Linux (v. Description:
The JBoss Communications Platform (JBCP) is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms (SDPs) and IP Multimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network (NGIN) applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2012:0681-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0681.html Issue date: 2012-05-21 CVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 =====================================================================
- Summary:
An update for the Apache Tomcat 6 component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and three bugs is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.
This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues:
Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)
A flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)
The Java hashCode() method implementation was susceptible to predictable hash collisions. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858)
Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022)
A flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)
A flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)
Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4858.
- Solution:
All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).
Tomcat must be restarted for this update to take effect.
- Bugs fixed (http://bugzilla.redhat.com/):
717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 720948 - CVE-2011-2526 tomcat: security manager restrictions bypass 734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure 741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication 750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003) 782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling 783359 - CVE-2012-0022 tomcat: large number of parameters DoS 5. References:
https://www.redhat.com/security/data/cve/CVE-2011-1184.html https://www.redhat.com/security/data/cve/CVE-2011-2204.html https://www.redhat.com/security/data/cve/CVE-2011-2526.html https://www.redhat.com/security/data/cve/CVE-2011-3190.html https://www.redhat.com/security/data/cve/CVE-2011-3375.html https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2011-5062.html https://www.redhat.com/security/data/cve/CVE-2011-5063.html https://www.redhat.com/security/data/cve/CVE-2011-5064.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.2 https://issues.jboss.org/browse/JBPAPP-4873 https://issues.jboss.org/browse/JBPAPP-6133 https://issues.jboss.org/browse/JBPAPP-6852
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPunlvXlSAg2UNWIIRAvqnAKCFCNODTaq3A180VLq9ptMsBURTcwCgsJls JsG5zbN8j1JMa8din0vPkdw= =zajO -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Hitachi COBOL2002 Products Unspecified Vulnerability
SECUNIA ADVISORY ID: SA47612
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47612/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47612
RELEASE DATE: 2012-01-20
DISCUSS ADVISORY: http://secunia.com/advisories/47612/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47612/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47612
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has reported a vulnerability in some COBOL2002 products, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error. No further information is currently available.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
7
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/b",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/b",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/c",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "5.5.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/g",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/c",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/c",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/i",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/h",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/f",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/a",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/e",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/b",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/c",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.21"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/d",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/f",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/d",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/f",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/m",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache tomcat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruby",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"_id": null,
"model": "interstage list works",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage service integrator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"_id": null,
"model": "systemwalker software configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker it change manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"_id": null,
"model": "interstage xml business activity recorder",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v7.1 to v8.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "7.x"
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise service bus v6.4 to v8.4"
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.1 to v6.5"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "smart edition"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "6.x"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "systemwalker operation manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker it process master",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "developer v7.1 to v8.1"
},
{
"_id": null,
"model": "interstage application development cycle manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "none"
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "portal v8.2 to v8.3"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v7.1 to v8.1"
},
{
"_id": null,
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/faq navigator v4 v5"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v8.4"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.4"
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "sip application server st ard edition v7.1 to v8.1"
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "development environment v6.1 to v6.5"
},
{
"_id": null,
"model": "systemwalker desktop inspection",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "websam storage vmware vcenter plug-in",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v1.1"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"_id": null,
"model": "success server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "plus developer / apworks / studio"
},
{
"_id": null,
"model": "systemwalker service quality coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"_id": null,
"model": "systemwalker runbook automation",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "serverview",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "resource orchestrator cloud edition"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v8.4"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"_id": null,
"model": "interstage list manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v4.1 to v6.5"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.1"
},
{
"_id": null,
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "pc security v1.44 before"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v4.1 to v6.5"
},
{
"_id": null,
"model": "internet navigware server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.2"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"_id": null,
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterpriseidentitymanager ver4.1 all versions up to"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker availability view",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage shunsaku data manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "interstage form coordinator workflow",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker service catalog manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1 to v8.1"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterpriseaccessmanager ver5.0 to ver6.1"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v8.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"_id": null,
"model": "garoon",
"scope": "eq",
"trust": 0.8,
"vendor": "cybozu",
"version": "2.0.0 to 3.1"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform - messaging"
},
{
"_id": null,
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v5.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cobol2002 net server suite",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "2.x"
},
{
"_id": null,
"model": "cobol2002 net client suite",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "2.x"
},
{
"_id": null,
"model": "cobol2002 net developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "2.x"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/l",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/j",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/o",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b )",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/k",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "network node manager i spi",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c (solari",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/r",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-c (solaris",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "tivoli key lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-20"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus developer 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.30"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.13"
},
{
"_id": null,
"model": "ucosminexus application server enterpris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel 4as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "geronimo",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus studio 05-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "network node manager i spi",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.10"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.14"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus studio 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a linux )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.4"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool/webtop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/c (hp-ux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.2"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "3.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.9"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.19"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.6"
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "55"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.13"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-20"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "jboss communications platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.1.2"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.5"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus studio 05-05-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus application server standard hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.1"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.31"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.30"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss communications platform",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "5.1.3"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.4"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-02"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.1"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.12"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/s",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus application server standard (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.11"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "application manager for smart business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.9"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.9"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus studio 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.4.1"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"_id": null,
"model": "ucosminexus developer 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.19"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel 4es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "tivoli key lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-02"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c (hp-ux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.17"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.16"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.22"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.35"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/g (aix",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.11"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.8"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.28"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.32"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-70"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.7"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli key lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "65"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "network node manager i spi",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.11"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "2.4.2"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "cosminexus developer 05-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.10"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d (windows",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterpris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.31"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.22"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.33"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/b (linux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 06-50-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.15"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-02"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "61.0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/b (linux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.29"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "geronimo",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "CNVD",
"id": "CNVD-2012-0341"
},
{
"db": "BID",
"id": "51200"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:cognos_business_intelligence",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cybozu:garoon",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:csview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infocage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infoframe_documentskipper",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam_securemaster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:serverview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:success_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "109328"
},
{
"db": "PACKETSTORM",
"id": "112907"
},
{
"db": "PACKETSTORM",
"id": "109270"
},
{
"db": "PACKETSTORM",
"id": "111782"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "PACKETSTORM",
"id": "112908"
},
{
"db": "PACKETSTORM",
"id": "109269"
}
],
"trust": 0.7
},
"cve": "CVE-2011-4858",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-4858",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4858",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#903934",
"trust": 0.8,
"value": "10.80"
},
{
"author": "NVD",
"id": "CVE-2011-4858",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-056",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-4858",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"description": {
"_id": null,
"data": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Multiple Hitachi COBOL2002 products have security vulnerabilities that allow attackers to take control of target user systems. No detailed vulnerability details are provided at this time. Apache Tomcat is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03716627\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03716627\nVersion: 1\n\nHPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine,\nRemote Denial of Service (DoS), Access Restriction Bypass, Unauthorized\nModification and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-03-28\nLast Updated: 2013-03-28\n\n- ----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), access restriction\nbypass, unauthorized modification and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache\nrunning Tomcat Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) or to perform an access\nrestriction bypass, unauthorized modification, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine\n5.5.35.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2009-2693 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2009-2902 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-3548 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-1157 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2010-3718 (AV:L/AC:H/Au:N/C:N/I:P/A:N) 1.2\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0013 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-1184 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-2204 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9\nCVE-2011-2526 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-2729 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3190 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0022 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. \nThe updates are available for download from https://h20392.www2.hp.com/portal\n/swdepot/displayProductInfo.do?productNumber=HPUXWST553601\n\nServlet Version\n Depot Name\n\nHP-UX Apache Tomcat Servlet Engine v5.5.36.01\nHP-UX_11.23_HPUXWS22T-B5536-1123.depot\n\nHP-UX_11.31_HPUXWS22T-B5536-1131.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.36.01 or subsequent\n\nEND AFFECTED VERSION\n\nHISTORY\nVersion:1 (rev.1) - 28 March 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Description:\n\nJBoss Operations Network (JBoss ON) is a middleware management solution\nthat provides a single point of control to deploy, manage, and monitor\nJBoss Enterprise Middleware, applications, and services. The Release\nNotes will be available shortly from\nhttps://docs.redhat.com/docs/en-US/index.html\n\nThe following security issues are also fixed with this release:\n\nJBoss ON did not properly verify security tokens, allowing an unapproved\nagent to connect as an approved agent. As a result,\nthe attacker could retrieve sensitive data about the server the hijacked\nagent was running on, including JMX credentials. (CVE-2012-0052)\n\nJBoss ON sometimes allowed agent registration to succeed when the\nregistration request did not include a security token. This is a feature\ndesigned to add convenience. A remote attacker could use this flaw to\nspoof the identity of an approved agent and pass a null security token,\nallowing them to hijack the approved agent\u0027s session, and steal its\nsecurity token. As a result, the attacker could retrieve sensitive data\nabout the server the hijacked agent was running on, including JMX\ncredentials. (CVE-2011-4858)\n\nMultiple cross-site scripting (XSS) flaws were found in the JBoss ON\nadministration interface. If a remote attacker could trick a user, who was\nlogged into the JBoss ON administration interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user\u0027s JBoss ON session. (CVE-2011-3206)\n\nJBoss ON did not verify that a user had the proper modify resource\npermissions when they attempted to delete a plug-in configuration update\nfrom the group connection properties history. This could allow such a user\nto delete a plug-in configuration update from the audit trail. Note that a\nuser without modify resource permissions cannot use this flaw to make\nconfiguration changes. \nHP Network Node Manager I (NNMi) v9.0X and v9.1X for HP-UX, Linux, Solaris,\nand Windows. \n\nThese hotfixes also apply to the following products and can be applied to all\npatch levels:\n\nHP NNM iSPI for IP QA\nHP NNM iSPI for IP Telephony\nHP NNM SPI for IP Multicast\nHP NNM SPI for MPLS\n\nNNMi Version\n Operating System\n Hotfix\n\n9.00\n HP-UX, Linux, Solaris, and Windows. \n HF-NNMi-9.0xP5-JBoss-20130417\n\n9.10\n HP-UX, Linux, Solaris, and Windows. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm\n\ni386:\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm\n\nx86_64:\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm\n\ni386:\ntomcat5-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm\n\nx86_64:\ntomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux (v. Description:\n\nThe JBoss Communications Platform (JBCP) is an open source VoIP platform\ncertified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as\na high performance core for Service Delivery Platforms (SDPs) and IP\nMultimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence\nof data and video in Next-Generation Intelligent Network (NGIN)\napplications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat6 security and bug fix update\nAdvisory ID: RHSA-2012:0681-01\nProduct: JBoss Enterprise Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0681.html\nIssue date: 2012-05-21\nCVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 \n CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 \n CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 \n CVE-2012-0022 \n=====================================================================\n\n1. Summary:\n\nAn update for the Apache Tomcat 6 component for JBoss Enterprise Web Server\n1.0.2 that fixes multiple security issues and three bugs is now available\nfrom the Red Hat Customer Portal. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. \n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage. \n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application\u0027s\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user\u0027s request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user\u0027s password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server. \n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858. \n\n3. Solution:\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). \n\nTomcat must be restarted for this update to take effect. \n\n4. Bugs fixed (http://bugzilla.redhat.com/):\n\n717013 - CVE-2011-2204 tomcat: password disclosure vulnerability\n720948 - CVE-2011-2526 tomcat: security manager restrictions bypass\n734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure\n741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication\n750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)\n782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling\n783359 - CVE-2012-0022 tomcat: large number of parameters DoS\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1184.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2204.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2526.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3190.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3375.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4858.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5062.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5063.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5064.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0022.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-6.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2\nhttps://issues.jboss.org/browse/JBPAPP-4873\nhttps://issues.jboss.org/browse/JBPAPP-6133\nhttps://issues.jboss.org/browse/JBPAPP-6852\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPunlvXlSAg2UNWIIRAvqnAKCFCNODTaq3A180VLq9ptMsBURTcwCgsJls\nJsG5zbN8j1JMa8din0vPkdw=\n=zajO\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL2002 Products Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47612\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47612/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612\n\nRELEASE DATE:\n2012-01-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47612/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47612/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has reported a vulnerability in some COBOL2002 products,\nwhich can be exploited by malicious users to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4858"
},
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "CNVD",
"id": "CNVD-2012-0341"
},
{
"db": "BID",
"id": "51200"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "109328"
},
{
"db": "PACKETSTORM",
"id": "112907"
},
{
"db": "PACKETSTORM",
"id": "109270"
},
{
"db": "PACKETSTORM",
"id": "122552"
},
{
"db": "PACKETSTORM",
"id": "111782"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "PACKETSTORM",
"id": "112908"
},
{
"db": "PACKETSTORM",
"id": "108859"
},
{
"db": "PACKETSTORM",
"id": "109269"
}
],
"trust": 4.14
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4858"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-4858",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#903934",
"trust": 3.3
},
{
"db": "OCERT",
"id": "OCERT-2011-003",
"trust": 2.8
},
{
"db": "BID",
"id": "51200",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "48791",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48790",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48549",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "54971",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "55115",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "47612",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-0341",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[ANNOUNCE] 20111228 [SECURITY] APACHE TOMCAT AND THE HASHTABLE COLLISION DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056",
"trust": 0.6
},
{
"db": "HITACHI",
"id": "HS12-002",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS12-019",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "2012",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-4858",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109328",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112907",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122552",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111782",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108859",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109269",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "CNVD",
"id": "CNVD-2012-0341"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "BID",
"id": "51200"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "109328"
},
{
"db": "PACKETSTORM",
"id": "112907"
},
{
"db": "PACKETSTORM",
"id": "109270"
},
{
"db": "PACKETSTORM",
"id": "122552"
},
{
"db": "PACKETSTORM",
"id": "111782"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "PACKETSTORM",
"id": "112908"
},
{
"db": "PACKETSTORM",
"id": "108859"
},
{
"db": "PACKETSTORM",
"id": "109269"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"id": "VAR-201201-0259",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0341"
}
],
"trust": 0.9790197866666667
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0341"
}
]
},
"last_update_date": "2026-03-09T21:42:05.809000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Changelog",
"trust": 0.8,
"url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
},
{
"title": "HS12-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-019/index.html"
},
{
"title": "HS12-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-003/index.html"
},
{
"title": "1626697",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697"
},
{
"title": "4034373",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373"
},
{
"title": "NV12-003",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv12-003.html"
},
{
"title": "Bug 750521",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java1",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"title": "Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos"
},
{
"title": "CY12-02-006",
"trust": 0.8,
"url": "http://cs.cybozu.co.jp/information/20120224up08.php"
},
{
"title": "interstage_as_201201",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html"
},
{
"title": "HS12-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html"
},
{
"title": "HS12-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-003/index.html"
},
{
"title": "\u3010iStorage M\u30b7\u30ea\u30fc\u30ba\u3011WebSAM Storage VMware vCenter Plug-inV1.1\u304c\u4f7f\u7528\u3057\u3066\u3044\u308bApache Tomcat\u8106\u5f31\u6027\u554f\u984c\u306e\u5bfe\u51e6\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.support.nec.co.jp/View.aspx?id=3140100906"
},
{
"title": "WebOTX Web\u30b3\u30f3\u30c6\u30ca \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2011-4858\uff09\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://www.support.nec.co.jp/View.aspx?id=3010100358"
},
{
"title": "InfoCage PC\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 - \u91cd\u8981\u306a\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.nec.co.jp/cced/infocage/info/pc_security_news120329.html"
},
{
"title": "Patch for Hitachi COBOL2002 product has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/8212"
},
{
"title": "Red Hat: Moderate: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120475 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120474 - Security Advisory"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120074 - Security Advisory"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120076 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1359-1"
},
{
"title": "Red Hat: Moderate: tomcat5 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120680 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat6 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120682 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2011-4084 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0341"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
},
{
"trust": 2.8,
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0089.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0076.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0078.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0077.html"
},
{
"trust": 1.1,
"url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2012/dsa-2401"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48791"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48790"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54971"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55115"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0406.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0074.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0075.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0325.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/51200"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18886"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48549"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106@apache.org%3e"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106%40apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
},
{
"trust": 0.8,
"url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx"
},
{
"trust": 0.8,
"url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4858"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu903934"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4858"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/47612/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4858.html"
},
{
"trust": 0.7,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0022.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5063.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-2526.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5064.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1184.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5062.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
},
{
"trust": 0.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-002/index.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://geronimo.apache.org/21x-security-report.html#2.1.xsecurityreport-218"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231290\u0026ac.admitted=1332939369059.876444892.492883150"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675356"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675361"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674752"
},
{
"trust": 0.3,
"url": "http://downloads.avaya.com/css/p8/documents/100160577"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-019/index.html"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231290\u0026ac.admitted=1332967060052.876444892.199480143"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03824583"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650482"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21654075"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21654242"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651284"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672144"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646446"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21626697"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4610.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4610"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://docs.redhat.com/docs/en-us/index.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-2204.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3190.html"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/browse/jbpapp-6133"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/browse/jbpapp-4873"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
},
{
"trust": 0.2,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0475"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2011-4084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1359-1/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/2012/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4573.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0052.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0052"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4573"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3206.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=em\u0026version=2.4.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3206"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0062.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0679.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=enterpriseweb.platform\u0026downloadtype=securitypatches\u0026version=5.1.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3554"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4605"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0474.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=communications.platform\u0026downloadtype=distributions"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/browse/jbpapp-6852"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3375.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0681.html"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47612/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "CNVD",
"id": "CNVD-2012-0341"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "BID",
"id": "51200"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "109328"
},
{
"db": "PACKETSTORM",
"id": "112907"
},
{
"db": "PACKETSTORM",
"id": "109270"
},
{
"db": "PACKETSTORM",
"id": "122552"
},
{
"db": "PACKETSTORM",
"id": "111782"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "PACKETSTORM",
"id": "112908"
},
{
"db": "PACKETSTORM",
"id": "108859"
},
{
"db": "PACKETSTORM",
"id": "109269"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2012-0341",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2011-4858",
"ident": null
},
{
"db": "BID",
"id": "51200",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109328",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112907",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109270",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122552",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111782",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109274",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112908",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "108859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109269",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-4858",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-12-28T00:00:00",
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"date": "2012-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0341",
"ident": null
},
{
"date": "2012-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4858",
"ident": null
},
{
"date": "2011-12-29T00:00:00",
"db": "BID",
"id": "51200",
"ident": null
},
{
"date": "2013-04-01T15:55:00",
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"date": "2012-02-02T01:22:48",
"db": "PACKETSTORM",
"id": "109328",
"ident": null
},
{
"date": "2012-05-22T00:22:52",
"db": "PACKETSTORM",
"id": "112907",
"ident": null
},
{
"date": "2012-02-01T02:54:24",
"db": "PACKETSTORM",
"id": "109270",
"ident": null
},
{
"date": "2013-07-25T18:22:00",
"db": "PACKETSTORM",
"id": "122552",
"ident": null
},
{
"date": "2012-04-12T03:11:30",
"db": "PACKETSTORM",
"id": "111782",
"ident": null
},
{
"date": "2012-02-01T02:55:27",
"db": "PACKETSTORM",
"id": "109274",
"ident": null
},
{
"date": "2012-05-22T00:23:56",
"db": "PACKETSTORM",
"id": "112908",
"ident": null
},
{
"date": "2012-01-20T08:20:00",
"db": "PACKETSTORM",
"id": "108859",
"ident": null
},
{
"date": "2012-02-01T02:53:47",
"db": "PACKETSTORM",
"id": "109269",
"ident": null
},
{
"date": "2012-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-056",
"ident": null
},
{
"date": "2012-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001003",
"ident": null
},
{
"date": "2012-01-05T19:55:01.033000",
"db": "NVD",
"id": "CVE-2011-4858",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"date": "2012-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0341",
"ident": null
},
{
"date": "2018-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4858",
"ident": null
},
{
"date": "2017-05-23T16:26:00",
"db": "BID",
"id": "51200",
"ident": null
},
{
"date": "2012-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-056",
"ident": null
},
{
"date": "2013-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001003",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4858",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109270"
},
{
"db": "PACKETSTORM",
"id": "111782"
},
{
"db": "PACKETSTORM",
"id": "112908"
},
{
"db": "PACKETSTORM",
"id": "109269"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Hash table implementations vulnerable to algorithmic complexity attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-056"
}
],
"trust": 0.6
}
}
VAR-201404-0585
Vulnerability from variot - Updated: 2026-03-09 21:05MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56
Description
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.
Resolution
All Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
All Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
References
[ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-29.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Summary
VMware has updated vSphere third party libraries
-
Relevant releases
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Update Manager 5.5 prior to Update 2
VMware ESXi 5.5 without patch ESXi550-201409101-SG
-
Problem Description
a. vCenter Server Apache Struts Update
The Apache Struts library is updated to address a security issue.
This issue may lead to remote code execution after authentication.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-0114 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and
CVE-2014-0050 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
c. Update to ESXi glibc package
glibc is updated to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to
these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 any ESXi550-201409101-SG
ESXi 5.1 any Patch Pending
ESXi 5.0 any Patch Pending
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Oracle has documented the CVE identifiers that are addressed in
JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update
Advisory of April 2014.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any not applicable *
vCenter Server 5.0 any not applicable *
vCenter Update Manager 5.5 any 5.5 Update 2
vCenter Update Manager 5.1 any not applicable *
vCenter Update Manager 5.0 any not applicable *
* this product uses the Oracle JRE 1.6.0 family *
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server and Update Manager 5.5u2
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5
Download: https://www.vmware.com/patchmgr/findPatch.portal
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
JRE
Oracle Java SE Critical Patch Update Advisory of April 2014
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- Change log
2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2xa11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also addressed with this release:
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)
It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)
It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.
CVE-2013-2071
A runtime exception in AsyncListener.onComplete() prevents the request from
being recycled. This may expose elements of a previous request to a current
request.
CVE-2013-4322
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount
of data to the server.
For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.
We recommend that you upgrade your tomcat7 packages. This issue was found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager
application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1].
Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes
Credit: This issue was reported to the Apache Software Foundation via JPCERT.
Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory.
References:
- CVE-2009-5028 - Namazu Remote Denial of Service
- CVE-2011-4345 - Namazu Cross-site Scripting
- CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
- CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
- CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2017-5787 - DoS - LINUX VCRM
- CVE-2016-8517 - SIM
- CVE-2016-8516 - SIM
- CVE-2016-8518 - SIM
- CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
- CVE-2016-8515 - Malicious File Upload - Linux VCRM
- CVE-2016-8514 - Information Disclosure - Linux VCRM
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================
- Summary:
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.
- Description:
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Security fixes:
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.
- Solution:
All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429
- References:
https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.
Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0in"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container window",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.1"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux 10.04.lts",
"scope": null,
"trust": 0.3,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.54"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.33"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.32"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.0"
},
{
"_id": null,
"model": "jboss fuse service works",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss enterprise web server el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise web server el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.2"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.6.1"
},
{
"_id": null,
"model": "retail returns management rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail returns management 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "retail central office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail central office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail back office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail back office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "health sciences empirica study",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.3.3"
},
{
"_id": null,
"model": "health sciences empirica inspections",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.1.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.2"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"_id": null,
"model": "application express 1.1-ea",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere message broker for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "websphere extended deployment compute grid",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "websphere extended deployment compute",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "websphere business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1100"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4100"
},
{
"_id": null,
"model": "tivoli remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.21"
},
{
"_id": null,
"model": "support assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.3.2"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.0.4"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.2.3"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.7"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.5"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.2"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.01"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational requirements composer ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.2"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "integration bus for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.02"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8400"
},
{
"_id": null,
"model": "filenet services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "filenet p8 application engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.5"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.4"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.3"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "filenet collaboration services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.122"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.11"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.19"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "usg9580 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9560 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9520 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x8 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x3 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x16 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "espace meeting portal v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10spc500",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8080"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8060"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8030"
},
{
"_id": null,
"model": "antiddos 500-d v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1550"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1520"
},
{
"_id": null,
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "sdn van controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0109-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-05"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-06"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-12"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-11"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-10"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-09"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-08"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-05"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "20"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.3"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1200"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2000"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.10"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.123"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.12"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.110"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"_id": null,
"model": "connections cr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "espace meeting portal v100r001c00spc303",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10l00422",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00sph503",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8000"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.1"
}
],
"sources": [
{
"db": "BID",
"id": "65400"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "126404"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0050",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"description": {
"_id": null,
"data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: December 15, 2014\n Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.56 *\u003e= 6.0.41\n \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[ 2 ] CVE-2012-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[ 3 ] CVE-2012-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[ 4 ] CVE-2012-4431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[ 5 ] CVE-2012-4534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[ 6 ] CVE-2012-5885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[ 7 ] CVE-2012-5886\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[ 8 ] CVE-2012-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[ 9 ] CVE-2013-2067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n VMware has updated vSphere third party libraries\n\n2. Relevant releases\n\n \n VMware vCenter Server 5.5 prior to Update 2\n\n VMware vCenter Update Manager 5.5 prior to Update 2\n\n VMware ESXi 5.5 without patch ESXi550-201409101-SG\n\n\n3. Problem Description\n\n a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue. \n\n This issue may lead to remote code execution after authentication. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-0114 to this issue. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\t Apply Patch\n ============= =======\t=======\t=================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n CVE-2014-0050 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n \n c. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n ESXi 5.5 any ESXi550-201409101-SG\n ESXi 5.1 any Patch Pending\n ESXi 5.0 any Patch Pending\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in \n JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n Advisory of April 2014. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any not applicable *\n vCenter Server 5.0 any not applicable *\n vCenter Update Manager 5.5 any 5.5 Update 2\n vCenter Update Manager 5.1 any not applicable *\n vCenter Update Manager 5.0 any not applicable *\n \n * this product uses the Oracle JRE 1.6.0 family *\n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n \n vCenter Server and Update Manager 5.5u2\n ---------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vsphere\n\n ESXi 5.5\n --------\n Download:\n https://www.vmware.com/patchmgr/findPatch.portal\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\n\n JRE\n ---\n Oracle Java SE Critical Patch Update Advisory of April 2014\n \nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-09-09 VMSA-2014-0008\n Initial security advisory in conjunction with the release of vSphere\n 5.5 Update 2 on 2014-09-09. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. By repeatedly sending a request \n for an authenticated resource while the victim is completing the login \n form, an attacker could inject a request that would be executed using the \n victim\u0027s credentials. \n\nCVE-2013-2071\n\n A runtime exception in AsyncListener.onComplete() prevents the request from \n being recycled. This may expose elements of a previous request to a current \n request. \n\nCVE-2013-4322\n\n When processing a request submitted using the chunked transfer encoding, \n Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount \n of data to the server. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1. \n\nWe recommend that you upgrade your tomcat7 packages. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager\napplication, access to that functionality is limited to authenticated\nadministrators. \nThis issue was reported responsibly to the Apache Software Foundation\nvia JPCERT but an error in addressing an e-mail led to the unintended\nearly disclosure of this issue[1]. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\n- - Apply the appropriate patch\n - Commons FileUpload: http://svn.apache.org/r1565143\n - Tomcat 8: http://svn.apache.org/r1565163\n - Tomcat 7: http://svn.apache.org/r1565169\n- - Limit the size of the Content-Type header to less than 4091 bytes\n\nCredit:\nThis issue was reported to the Apache Software Foundation via JPCERT. \n \n Additionally a build problem with maven was discovered, fixed maven\n packages is also being provided with this advisory. \n\nReferences:\n\n - CVE-2009-5028 - Namazu Remote Denial of Service\n - CVE-2011-4345 - Namazu Cross-site Scripting\n - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2017-5787 - DoS - LINUX VCRM\n - CVE-2016-8517 - SIM\n - CVE-2016-8516 - SIM\n - CVE-2016-8518 - SIM\n - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID: RHSA-2014:0400-03\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date: 2014-04-14\nCVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590). The verification\n of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides\norganizations with a single deployment platform for Java Server Pages (JSP)\nand Java Servlet technologies, PHP, and CGI. It uses a genuine high\nperformance hybrid technology that incorporates the best of the most recent\nOS technologies for processing high volume data, while keeping all the\nreference Java specifications. \n\nApache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to servlets and web applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 2.7
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0050",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN14876762",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-015",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-017",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-016",
"trust": 1.4
},
{
"db": "BID",
"id": "65400",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "127215",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "59232",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59185",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59187",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59039",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59500",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59184",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60475",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59041",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58075",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58976",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59492",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59725",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60753",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57915",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS14-008",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "31615",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126007",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125687",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125109",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126404",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"id": "VAR-201404-0585",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41471650857142855
},
"last_update_date": "2026-03-09T21:05:21.141000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-312",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
},
{
"title": "Amazon Linux AMI: ALAS-2014-344",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
},
{
"title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Shiverino/NPE2223 "
},
{
"title": "cve-2014-0050",
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050 "
},
{
"title": "victims-version-search",
"trust": 0.1,
"url": "https://github.com/adedov/victims-version-search "
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "CDL",
"trust": 0.1,
"url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
},
{
"title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
"trust": 0.1,
"url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
},
{
"trust": 1.4,
"url": "http://jvn.jp/en/jp/jvn14876762/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
},
{
"trust": 1.3,
"url": "http://advisories.mageia.org/mgasa-2014-0110.html"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.2,
"url": "http://svn.apache.org/r1565143"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
},
{
"trust": 1.1,
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57915"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58976"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59232"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59500"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58075"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59187"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59041"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59185"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59492"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65400"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59039"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59725"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59399"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59184"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60475"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60753"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2130-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100179973"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/feb/41"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/jun/151"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
},
{
"trust": 0.3,
"url": "https://launchpad.support.sap.com/#/notes/2629535"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
},
{
"trust": 0.2,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.2,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/shiverino/npe2223"
},
{
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/31615/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2130-1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0149.html"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0109.html"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565163"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565169"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://markmail.org/message/kpfl7ax4el2owb3o"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2081470"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vcops"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com\u003e."
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0242"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1914"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0242"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/patchmgr/findpatch.portal"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vsphere"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"db": "BID",
"id": "65400",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2014-02-06T00:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2014-04-03T14:56:00",
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"date": "2015-03-30T21:20:12",
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"date": "2014-04-14T22:28:46",
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"date": "2014-05-22T01:43:07",
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"date": "2017-02-15T00:39:05",
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"date": "2014-03-13T21:19:37",
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"date": "2014-02-07T04:32:05",
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"date": "2014-05-22T01:44:32",
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"date": "2014-02-10T23:22:06",
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"date": "2014-06-25T21:34:12",
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"date": "2017-01-19T13:56:50",
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"date": "2014-04-08T21:21:55",
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"date": "2014-05-01T02:11:10",
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"date": "2016-11-15T00:42:48",
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"date": "2014-09-11T21:08:01",
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"date": "2014-12-15T20:00:49",
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"date": "2014-04-01T06:27:51.373000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2018-07-12T06:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 0.4
},
"title": {
"_id": null,
"data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
}
}
VAR-200906-0603
Vulnerability from variot - Updated: 2026-03-09 21:03Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following versions of Apache Tomcat are vulnerable: 6.0.0-6.0.18 5.5.0-5.5.27 4.1.0-4.1.39. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
Server 2.0 any affected, patch pending
Server 1.0 any not affected
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2 *
-
vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
ACE any Windows not affected
Server 2.x any affected, patch pending Server 1.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
A cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutil updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
For the oldstable distribution (lenny), this problem has been fixed in version 5.5.26-5lenny2.
The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6 is already fixed.
The unstable distribution (sid) no longer contains tomcat5.5. tomcat6 is already fixed. =========================================================== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: libtomcat6-java 6.0.18-0ubuntu3.2 tomcat6-examples 6.0.18-0ubuntu3.2
Ubuntu 9.04: libtomcat6-java 6.0.18-0ubuntu6.1 tomcat6-examples 6.0.18-0ubuntu6.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)
Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)
Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz
Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc
Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 18612 95544319007f1f90321469c5d314c72e
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb
Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz
Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc
Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb
Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c
. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . NOTE: this issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a \% (percent) value for the j_password parameter (CVE-2009-0580).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783). (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)
Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
Updated Packages:
Mandriva Linux 2008.0: b7ec529ef67655e138bb9845381dafe0 2008.0/i586/tomcat5-5.5.23-9.2.10.3mdv2008.0.i586.rpm 7480f62988c594c5e963968a5d8a760c 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0.i586.rpm 81f00d0be9c8fad809640b83015fd73e 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0.i586.rpm 5e2b03d332177ca8f1b59b672e568028 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0.i586.rpm fd942acf4a4b56c678cf8dc46b3cf23b 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm 482cfd3a9f47ccfc8ed33e29918bd131 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0.i586.rpm 97a9df65785526f25233c22c1c077eab 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm cb9a2042c893f1818bef3fdec427da8b 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0.i586.rpm 41e632f8c33e4c0d0d8106fbd4b1448f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0.i586.rpm 9c9ae10e58d6cf12b64400d3ba3c8895 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm 9967a35bf6a073e8a8509da3c5a42559 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0.i586.rpm 723023ef6f65aee545713e42809d5b86 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 4b424c91fb912dc8d58ecfaf887a730c 2008.0/x86_64/tomcat5-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm ca5003fcc1480d072729f2e3a01f374c 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 83c84b3c3543e561be43c439931432e5 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm e2a2adee1147b24791cdbc9612bbf812 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm a31a7de061b6d692924e2be3b3ee2a9c 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 42dff6a2eecaeb735dae70ffa28bfd83 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 31da50a7f741eee25f7d3920ece1531c 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 1670728be5615301bb60b2b01b993a1e 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm ee4c0935479f16f258c78ba2c5225e84 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 3383de2b3f2953ee01020d9b502900b3 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm b4fcecfae58187c2e0f644f569969ca6 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm 723023ef6f65aee545713e42809d5b86 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMjL+MmqjQ0CJFipgRAu5tAJ9opOdrTTLzYdyAcuZx+7WfwtcLbQCeOTn4 cZE6uUZ95kih/bicVxL4f/c= =OWxp -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01908935 Version: 1
HPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-10-21 Last Updated: 2009-10-21
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.
References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine v5.5.27.02 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
URL http://software.hp.com
Note: Both HP-UX Web Server Suite v3.06 and v2.27 contain HP-UX Tomcat-based Servlet Engine v5.5.27.03
Web Server Suite HP-UX Release Apache Depot name
Tomcat-based Servlet Engine v5.5.27.03 B.11.23 and B.11.31 PA-32 HPUX22SATW-1123-32.depot
B.11.23 and B.11.31 IA-64 HPUX22SATW-1123-64.depot
B.11.11 PA-32 HPUXSATW-1111-64-32.depot
B.11.23 PA-32 and IA-64 HPUXWSATW-1123-64-bit.depot
B.11.31 IA-32 and IA-64 HPUXSATW-1131-64.depot
MANUAL ACTIONS: Yes - Update
Install Tomcat-based Servlet Engine from the Apache Web Server Suite v5.5.27.03 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsTOMCAT.TOMCAT action: install revision B.5.5.27.03 or subsequent
HP-UX B.11.23
hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.27.03 or subsequent
HP-UX B.11.31
hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.27.03 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 21 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "4.1.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.55"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.52"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.51"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.25"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.24"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.23"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.22"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.21"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "red hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.1"
},
{
"_id": null,
"model": "network satellite",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "45.3"
},
{
"_id": null,
"model": "network satellite",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "45.2"
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "enterprise linux eus 5.3.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "developer suite as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "application server ws4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server es4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "application server as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.19"
},
{
"_id": null,
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15"
},
{
"_id": null,
"model": "tivoli netcool/webtop fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.14"
},
{
"_id": null,
"model": "tivoli netcool/webtop",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "rational quality manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.21"
},
{
"_id": null,
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.20"
},
{
"_id": null,
"model": "performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.10"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.22"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.18"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.17"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.12"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.10"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.1"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.2"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1.1"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.2"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1.1"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.1"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0.1"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "2.0"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.2"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.56"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.01"
},
{
"_id": null,
"model": "opensolaris build snv 118",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tivoli netcool/webtop fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.110"
},
{
"_id": null,
"model": "rational quality manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.13"
},
{
"_id": null,
"model": "coat systems intelligence center",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "3.2.2.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.40"
}
],
"sources": [
{
"db": "BID",
"id": "35263"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"credits": {
"_id": null,
"data": "Iida Minehiko",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
},
"cve": "CVE-2008-5515",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-5515",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-5515",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-5515",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"description": {
"_id": null,
"data": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. \nThe following versions of Apache Tomcat are vulnerable:\n6.0.0-6.0.18\n5.5.0-5.5.27\n4.1.0-4.1.39. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- -----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. \n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2. \n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed. \n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed. ===========================================================\nUbuntu Security Notice USN-788-1 June 15, 2009\ntomcat6 vulnerabilities\nCVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.10:\n libtomcat6-java 6.0.18-0ubuntu3.2\n tomcat6-examples 6.0.18-0ubuntu3.2\n\nUbuntu 9.04:\n libtomcat6-java 6.0.18-0ubuntu6.1\n tomcat6-examples 6.0.18-0ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIida Minehiko discovered that Tomcat did not properly normalise paths. A\nremote attacker could send specially crafted requests to the server and\nbypass security restrictions, gaining access to sensitive content. \n(CVE-2008-5515)\n\nYoshihito Fukuyama discovered that Tomcat did not properly handle errors\nwhen the Java AJP connector and mod_jk load balancing are used. A\nremote attacker could exploit this in order to enumerate valid usernames. \n(CVE-2009-0580)\n\nDeniz Cevik discovered that Tomcat did not properly escape certain\nparameters in the example calendar application which could result in\nbrowsers becoming vulnerable to cross-site scripting attacks when\nprocessing the output. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain. Local users could exploit\nthis to bypass security restrictions and gain access to certain sensitive\nfiles. (CVE-2009-0783)\n\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz\n Size/MD5: 22010 87c6105cd78ea5a8dbf62054fc4ba0aa\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc\n Size/MD5: 1378 823c008ffc927c0f3f5686fc6f5188d0\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 174164 dd24331b2709bd6641b4055d0b052eae\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 2961944 63c8c3e0300ed70a240b79ddd3299efb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 37370 b9b1bd6dc9cfb52107811295401c09e4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 53488 5006e5c394ec815f6d36c335d9f0abaf\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 714516 768cacbb74453b1a2a49e55d61b7bedd\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 419180 0663de0611fb9792d44aebad8aa24cc4\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 18612 95544319007f1f90321469c5d314c72e\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb\n Size/MD5: 24156 9f4d7a0671e9330ff2fa1a1c13a20c58\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz\n Size/MD5: 24779 221e0f51259495fd01da2a6b67358b17\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc\n Size/MD5: 1411 e3bac3c39b2e6db3267699a533b17add\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n Size/MD5: 3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 246196 54e990e7893923b8b6df4bcce9f3ba22\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 172500 abf989790a45def65d5de9a7f9b010df\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 2846254 c1c0180751500ce58c51b97de9f2d6d9\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 37874 e7d401faba215af22ecff31b4a675fad\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 53184 194153ab21adac9a47baaf92ea8d2acb\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 714212 d52e9abc75108a8f059346e09d47b511\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 418316 3a7110c9da4bd72a7019cbb75651da73\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 20520 ea5e54c91e7055e281d61e63f0e140f2\n http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb\n Size/MD5: 24952 ec80f910d6c8e606c090ba8dd737bc4c\n\n\n. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333). \n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033). \n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580). \n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783). (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693). \n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server\u0027s hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157). \n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2008.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n b7ec529ef67655e138bb9845381dafe0 2008.0/i586/tomcat5-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 7480f62988c594c5e963968a5d8a760c 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 81f00d0be9c8fad809640b83015fd73e 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 5e2b03d332177ca8f1b59b672e568028 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n fd942acf4a4b56c678cf8dc46b3cf23b 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 482cfd3a9f47ccfc8ed33e29918bd131 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 97a9df65785526f25233c22c1c077eab 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n cb9a2042c893f1818bef3fdec427da8b 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 41e632f8c33e4c0d0d8106fbd4b1448f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 9c9ae10e58d6cf12b64400d3ba3c8895 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0.i586.rpm\n 9967a35bf6a073e8a8509da3c5a42559 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0.i586.rpm \n 723023ef6f65aee545713e42809d5b86 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 4b424c91fb912dc8d58ecfaf887a730c 2008.0/x86_64/tomcat5-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n ca5003fcc1480d072729f2e3a01f374c 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n 83c84b3c3543e561be43c439931432e5 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n e2a2adee1147b24791cdbc9612bbf812 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n a31a7de061b6d692924e2be3b3ee2a9c 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n 42dff6a2eecaeb735dae70ffa28bfd83 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n 31da50a7f741eee25f7d3920ece1531c 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n 1670728be5615301bb60b2b01b993a1e 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n ee4c0935479f16f258c78ba2c5225e84 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n 3383de2b3f2953ee01020d9b502900b3 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm\n b4fcecfae58187c2e0f644f569969ca6 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0.x86_64.rpm \n 723023ef6f65aee545713e42809d5b86 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMjL+MmqjQ0CJFipgRAu5tAJ9opOdrTTLzYdyAcuZx+7WfwtcLbQCeOTn4\ncZE6uUZ95kih/bicVxL4f/c=\n=OWxp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01908935\nVersion: 1\n\nHPSBUX02466 SSRT090192 rev.1 - HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-10-21\nLast Updated: 2009-10-21\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite. \n\nReferences: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine v5.5.27.02 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: Both HP-UX Web Server Suite v3.06 and v2.27 contain HP-UX Tomcat-based Servlet Engine v5.5.27.03\n\nWeb Server Suite\n HP-UX Release\n Apache Depot name\n\nTomcat-based Servlet Engine v5.5.27.03\n B.11.23 and B.11.31 PA-32\n HPUX22SATW-1123-32.depot\n\nB.11.23 and B.11.31 IA-64\n HPUX22SATW-1123-64.depot\n\nB.11.11 PA-32\n HPUXSATW-1111-64-32.depot\n\nB.11.23 PA-32 and IA-64\n HPUXWSATW-1123-64-bit.depot\n\nB.11.31 IA-32 and IA-64\n HPUXSATW-1131-64.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Tomcat-based Servlet Engine from the Apache Web Server Suite v5.5.27.03 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nhpuxwsTOMCAT.TOMCAT\naction: install revision B.5.5.27.03 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.27.03 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.27.03 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 21 October 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n \n The calendar application in the examples web application contains an\n XSS flaw due to invalid HTML which renders the XSS filtering protection\n ineffective (CVE-2009-0781)",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "93755"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "PACKETSTORM",
"id": "82165"
},
{
"db": "PACKETSTORM",
"id": "78585"
}
],
"trust": 2.16
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2008-5515",
"trust": 3.0
},
{
"db": "BID",
"id": "35263",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35685",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35393",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37460",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42368",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35788",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVN63832775",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3056",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1535",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1856",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-3316",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-1520",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265",
"trust": 0.6
},
{
"db": "VUPEN",
"id": "2009/1856",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/3316",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/1520",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/3056",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2009/1535",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-5515",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78409",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93755",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79715",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82165",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78585",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "93755"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "PACKETSTORM",
"id": "82165"
},
{
"db": "PACKETSTORM",
"id": "78585"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"id": "VAR-200906-0603",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T21:03:11.345000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Important: JBoss Enterprise Application Platform 4.3.0.CP05 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091145 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091164 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-788-1"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ac49c4dcad19730a5b7d72eba69e3550"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b4688be3241a5693241135af6523bb48"
},
{
"title": "Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ce6312b51b7767e26422e4b3dbf8f5cd"
},
{
"title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/35263"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"trust": 2.2,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1520"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn63832775/index.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35393"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:138"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:136"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35685"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1856"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35788"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37460"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01156.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01246.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01216.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4077"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:176"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42368"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6445"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19452"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10422"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580"
},
{
"trust": 0.4,
"url": "http://secunia.com/"
},
{
"trust": 0.4,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.3,
"url": "http://jakarta.apache.org/tomcat/"
},
{
"trust": 0.3,
"url": "/archive/1/504170"
},
{
"trust": 0.3,
"url": "/archive/1/504202"
},
{
"trust": 0.3,
"url": "/archive/1/507985"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012048"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01908935"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02515878"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025919"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa66"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1164.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1506.html"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
},
{
"trust": 0.3,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2009:1145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/788-1/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014842"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/lifecycle/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security-5.html."
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-24.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/patches"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-5515"
},
{
"db": "BID",
"id": "35263"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "99870"
},
{
"db": "PACKETSTORM",
"id": "78409"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "89679"
},
{
"db": "PACKETSTORM",
"id": "93755"
},
{
"db": "PACKETSTORM",
"id": "79715"
},
{
"db": "PACKETSTORM",
"id": "82165"
},
{
"db": "PACKETSTORM",
"id": "78585"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
},
{
"db": "NVD",
"id": "CVE-2008-5515"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2008-5515",
"ident": null
},
{
"db": "BID",
"id": "35263",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82837",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99870",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "78409",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114139",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89679",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "93755",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79715",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82165",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "78585",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2008-5515",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2008-5515",
"ident": null
},
{
"date": "2009-06-08T00:00:00",
"db": "BID",
"id": "35263",
"ident": null
},
{
"date": "2013-04-01T15:55:00",
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"date": "2009-11-20T22:21:26",
"db": "PACKETSTORM",
"id": "82837",
"ident": null
},
{
"date": "2011-03-30T00:19:03",
"db": "PACKETSTORM",
"id": "99870",
"ident": null
},
{
"date": "2009-06-15T20:42:09",
"db": "PACKETSTORM",
"id": "78409",
"ident": null
},
{
"date": "2012-06-24T23:54:31",
"db": "PACKETSTORM",
"id": "114139",
"ident": null
},
{
"date": "2010-05-19T06:15:08",
"db": "PACKETSTORM",
"id": "89679",
"ident": null
},
{
"date": "2010-09-13T01:03:39",
"db": "PACKETSTORM",
"id": "93755",
"ident": null
},
{
"date": "2009-07-28T19:23:06",
"db": "PACKETSTORM",
"id": "79715",
"ident": null
},
{
"date": "2009-10-23T18:16:10",
"db": "PACKETSTORM",
"id": "82165",
"ident": null
},
{
"date": "2009-06-23T03:25:29",
"db": "PACKETSTORM",
"id": "78585",
"ident": null
},
{
"date": "2009-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-265",
"ident": null
},
{
"date": "2009-06-16T21:00:00.313000",
"db": "NVD",
"id": "CVE-2008-5515",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2008-5515",
"ident": null
},
{
"date": "2015-04-13T22:12:00",
"db": "BID",
"id": "35263",
"ident": null
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-265",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-5515",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "93755"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache Tomcat Path traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200906-265"
}
],
"trust": 0.6
}
}
VAR-201706-0361
Vulnerability from variot - Updated: 2026-03-09 20:49The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Apache Tomcat Contains a security restriction bypass vulnerability. The Apache Software Foundation From Apache Tomcat An update has been released for the following vulnerabilities: * * Security restriction bypass vulnerability related to error page processing (CVE-2017-5664 )Crafted HTTP By processing the request, the error page may be deleted or overwritten. ========================================================================== Ubuntu Security Notice USN-3519-1 January 08, 2018
tomcat7, tomcat8 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Tomcat. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5664)
It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libtomcat8-java 8.0.38-2ubuntu2.2 tomcat8 8.0.38-2ubuntu2.2
Ubuntu 16.04 LTS: libtomcat8-java 8.0.32-1ubuntu1.5 tomcat8 8.0.32-1ubuntu1.5
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.13 tomcat7 7.0.52-1ubuntu0.13
In general, a standard system update will make all the necessary changes.
Security Fix(es):
- It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. JIRA issues fixed (https://issues.jboss.org/):
JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs JWS-667 - Subject incorrectly removed from user session JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain JWS-709 - RPM missing selinux-policy dependency JWS-716 - Backport 60087 for Tomcat 8 JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites JWS-721 - CORS filter Vary header missing JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2 JWS-741 - Configurations in conf.d are not applied JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: tomcat security update Advisory ID: RHSA-2017:1809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1809 Issue date: 2017-07-27 CVE Names: CVE-2017-5648 CVE-2017-5664 =====================================================================
- Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
-
(CVE-2017-5664)
-
A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.69-12.el7_3.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.69-12.el7_3.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.69-12.el7_3.src.rpm
noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.69-12.el7_3.src.rpm
noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5648 https://access.redhat.com/security/cve/CVE-2017-5664 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZeYTJXlSAg2UNWIIRAiRLAJ9mLApI6LC2N8mfgxyqv7Ndu04maACfaPeM /dGPQXHuX1omxWSQ/miLBj8= =Ia1W -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03302206 Version: 1
MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-12-12 Last Updated: 2018-12-12
Potential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information
References:
- PSRT110650
- CVE-2016-6816
- CVE-2017-5664
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1, 10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10 Patch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1, 10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
Micro Focus has made the following software updates and mitigation information to resolve the vulnerability in Micro Focus Network Node Manager i: Customers using v9.X must upgrade to v10.x and then install the patch below. Patches are available to address the vulnerabilities: For v10.0x: Network Node Manager i 10.00 Patch 8 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139745 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139763 For v10.1x: Network Node Manager i 10.10 Patch 7 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139729 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139781 For v10.2x: Network Node Manager i 10.20 Patch 6 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139701 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139715 For v10.3x: Network Node Manager i 10.30 Patch 2 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139685 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139693
HISTORY Version:1 (rev.1) - 12 December 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://softwaresupport.softwaregrp.com/psrt Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright Micro Focus
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The updates are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5664)
-
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.72"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.75"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.65"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.70"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.55"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.68"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.67"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.77"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.69"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.76"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.51"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.54"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.66"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.71"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.73"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.60"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.74"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.58"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.59"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.57"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.77"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m20"
},
{
"_id": null,
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"_id": null,
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"_id": null,
"model": "spoolserver/winspool series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 ~ 6.2"
},
{
"_id": null,
"model": "webotx",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "NVD",
"id": "CVE-2017-5664"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver_winspool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam_mcoperations",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam_systemmanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "143519"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.6
},
"cve": "CVE-2017-5664",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5664",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5664",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5664",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5664",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5664",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5664"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "NVD",
"id": "CVE-2017-5664"
}
]
},
"description": {
"_id": null,
"data": "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Apache Tomcat Contains a security restriction bypass vulnerability. The Apache Software Foundation From Apache Tomcat An update has been released for the following vulnerabilities: * * Security restriction bypass vulnerability related to error page processing (CVE-2017-5664 )Crafted HTTP By processing the request, the error page may be deleted or overwritten. ==========================================================================\nUbuntu Security Notice USN-3519-1\nJanuary 08, 2018\n\ntomcat7, tomcat8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. A remote attacker could use this issue to\nobtain wrong responses possibly containing sensitive information. A malicious application could possibly use this to bypass Security\nManager restrictions. (CVE-2017-5664)\n\nIt was discovered that Tomcat incorrectly handled the CORS filter. A remote\nattacker could possibly use this issue to perform cache poisoning. \n(CVE-2017-7674)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libtomcat8-java 8.0.38-2ubuntu2.2\n tomcat8 8.0.38-2ubuntu2.2\n\nUbuntu 16.04 LTS:\n libtomcat8-java 8.0.32-1ubuntu1.5\n tomcat8 8.0.32-1ubuntu1.5\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.13\n tomcat7 7.0.52-1ubuntu0.13\n\nIn general, a standard system update will make all the necessary changes. \n\nSecurity Fix(es):\n\n* It was found that when using remote logging with log4j socket server the\nlog4j server would deserialize any log event received via TCP or UDP. An\nattacker could use this flaw to send a specially crafted log event that,\nduring deserialization, would execute arbitrary code in the context of the\nlogger application. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs\nJWS-667 - Subject incorrectly removed from user session\nJWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain\nJWS-709 - RPM missing selinux-policy dependency\nJWS-716 - Backport 60087 for Tomcat 8\nJWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites\nJWS-721 - CORS filter Vary header missing\nJWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2\nJWS-741 - Configurations in conf.d are not applied\nJWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar\u0027s manifest file\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: tomcat security update\nAdvisory ID: RHSA-2017:1809-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1809\nIssue date: 2017-07-27\nCVE Names: CVE-2017-5648 CVE-2017-5664 \n=====================================================================\n\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. (CVE-2017-5664)\n\n* A vulnerability was discovered in Tomcat. When running an untrusted\napplication under a SecurityManager it was possible, under some\ncircumstances, for that application to retain references to the request or\nresponse objects and thereby access and/or modify information associated\nwith another web application. (CVE-2017-5648)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object\n1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.69-12.el7_3.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-12.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm\ntomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-javadoc-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsvc-7.0.69-12.el7_3.noarch.rpm\ntomcat-lib-7.0.69-12.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.69-12.el7_3.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-12.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm\ntomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-javadoc-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsvc-7.0.69-12.el7_3.noarch.rpm\ntomcat-lib-7.0.69-12.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.69-12.el7_3.src.rpm\n\nnoarch:\ntomcat-7.0.69-12.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-lib-7.0.69-12.el7_3.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-12.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm\ntomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-javadoc-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsvc-7.0.69-12.el7_3.noarch.rpm\ntomcat-lib-7.0.69-12.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.69-12.el7_3.src.rpm\n\nnoarch:\ntomcat-7.0.69-12.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-lib-7.0.69-12.el7_3.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-12.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm\ntomcat-javadoc-7.0.69-12.el7_3.noarch.rpm\ntomcat-jsvc-7.0.69-12.el7_3.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5648\nhttps://access.redhat.com/security/cve/CVE-2017-5664\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZeYTJXlSAg2UNWIIRAiRLAJ9mLApI6LC2N8mfgxyqv7Ndu04maACfaPeM\n/dGPQXHuX1omxWSQ/miLBj8=\n=Ia1W\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Note: the current version of the following document is available here:\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03302206\nVersion: 1\n\nMFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-12-12\nLast Updated: 2018-12-12\n\nPotential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of\nInformation\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node\nManager i. The vulnerability could be exploited Remote Cross-Site Scripting\n(XSS) and Remote Disclosure of Information\n\nReferences:\n\n - PSRT110650\n - CVE-2016-6816\n - CVE-2017-5664\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1,\n10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10\nPatch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1,\n10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicro Focus has made the following software updates and mitigation\ninformation to resolve the vulnerability in Micro Focus Network Node Manager\ni:\nCustomers using v9.X must upgrade to v10.x and then install the patch below. \nPatches are available to address the vulnerabilities:\nFor v10.0x: Network Node Manager i 10.00 Patch 8 \n\tLinux \n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139745](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139745)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139763](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139763)\nFor v10.1x: Network Node Manager i 10.10 Patch 7\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139729](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139729)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139781](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139781)\nFor v10.2x: Network Node Manager i 10.20 Patch 6\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139701](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139701)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139715](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139715)\nFor v10.3x: Network Node Manager i 10.30 Patch 2\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139685](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139685)\n\t Windows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139693](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139693) \n\n\nHISTORY\nVersion:1 (rev.1) - 12 December 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://softwaresupport.softwaregrp.com/psrt\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright Micro Focus\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. The updates are documented in the Release Notes document\nlinked to in the References. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* A vulnerability was discovered in tomcat\u0027s handling of pipelined requests\nwhen \"Sendfile\" was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5664)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. A remote\nattacker could use this flaw to make a TLS/SSL server consume an excessive\namount of CPU and fail to accept connections from other clients. \n(CVE-2016-8610)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5664"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "VULMON",
"id": "CVE-2017-5664"
},
{
"db": "PACKETSTORM",
"id": "145765"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "143519"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5664",
"trust": 3.3
},
{
"db": "BID",
"id": "98888",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1038641",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU95420726",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3216.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1276",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-5664",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143519",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150775",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143873",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144018",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5664"
},
{
"db": "PACKETSTORM",
"id": "145765"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "143519"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "NVD",
"id": "CVE-2017-5664"
}
]
},
"id": "VAR-201706-0361",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2026-03-09T20:49:49.009000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.44",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44"
},
{
"title": "Fixed in Apache Tomcat 7.0.78",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M21",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M21"
},
{
"title": "Fixed in Apache Tomcat 8.5.15",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-015",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-015.html"
},
{
"title": "[SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Default Servlet Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71211"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171809 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173080 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3892-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=84d07d805fb625d5e5269555c0f8846e"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171801 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171802 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3891-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=91198151af7100bd505e12e11d3f56e5"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6e84a658cd855bbabe4c36955d8fe865"
},
{
"title": "Arch Linux Advisories: [ASA-201706-6] tomcat7: access restriction bypass",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201706-6"
},
{
"title": "Amazon Linux AMI: ALAS-2017-853",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-853"
},
{
"title": "Amazon Linux AMI: ALAS-2017-854",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-854"
},
{
"title": "Arch Linux Advisories: [ASA-201706-7] tomcat8: access restriction bypass",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201706-7"
},
{
"title": "Ubuntu Security Notice: tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3519-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-5664"
},
{
"title": "Amazon Linux AMI: ALAS-2017-862",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-862"
},
{
"title": "Amazon Linux AMI: ALAS-2017-873",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-873"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-107"
},
{
"title": "Forcepoint Security Advisories: CVE-2017-5664 Apache Tomcat Security Constraint Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=85b7afd6cc93580dc2508b4ad46d18f2"
},
{
"title": "Symantec Security Advisories: SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=8d498c8e227285c90100c42076428782"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "vulners-yum-scanner",
"trust": 0.1,
"url": "https://github.com/dkiser/vulners-yum-scanner "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5664"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "NVD",
"id": "CVE-2017-5664"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/98888"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2017/dsa-3892"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2017/dsa-3891"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:1809"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2638"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2637"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2635"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2494"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038641"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3080"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2636"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2633"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2493"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03828en_us"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5664"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95420726"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa156"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459158"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "http://support.symantec.com/us/en/article.symsa1419.html"
},
{
"trust": 0.6,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79014"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3216.2/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5648"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-7525"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5647"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5648"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3519-1/"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55627"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.38-2ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7674"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3519-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/psrt"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/gro"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/security-vulnerability"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03302206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3155411"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5664"
},
{
"db": "PACKETSTORM",
"id": "145765"
},
{
"db": "PACKETSTORM",
"id": "143499"
},
{
"db": "PACKETSTORM",
"id": "143519"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "143873"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
},
{
"db": "NVD",
"id": "CVE-2017-5664"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2017-5664",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "145765",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "143499",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "143519",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150775",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144019",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "143873",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144017",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004051",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5664",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5664",
"ident": null
},
{
"date": "2018-01-09T17:18:26",
"db": "PACKETSTORM",
"id": "145765",
"ident": null
},
{
"date": "2017-07-25T23:14:47",
"db": "PACKETSTORM",
"id": "143499",
"ident": null
},
{
"date": "2017-07-27T14:44:00",
"db": "PACKETSTORM",
"id": "143519",
"ident": null
},
{
"date": "2018-12-13T18:21:43",
"db": "PACKETSTORM",
"id": "150775",
"ident": null
},
{
"date": "2017-09-06T04:16:42",
"db": "PACKETSTORM",
"id": "144019",
"ident": null
},
{
"date": "2017-08-22T05:28:16",
"db": "PACKETSTORM",
"id": "143873",
"ident": null
},
{
"date": "2017-09-06T04:16:30",
"db": "PACKETSTORM",
"id": "144017",
"ident": null
},
{
"date": "2017-09-06T04:16:37",
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"date": "2017-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-192",
"ident": null
},
{
"date": "2017-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004051",
"ident": null
},
{
"date": "2017-06-06T14:29:00.937000",
"db": "NVD",
"id": "CVE-2017-5664",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5664",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-192",
"ident": null
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004051",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5664",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "145765"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "144019"
},
{
"db": "PACKETSTORM",
"id": "144017"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
}
],
"trust": 1.1
},
"title": {
"_id": null,
"data": "Apache Tomcat Security restriction bypass vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004051"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-192"
}
],
"trust": 0.6
}
}
VAR-202310-0175
Vulnerability from variot - Updated: 2026-03-09 20:20The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The purpose of this text-only errata is to inform you about the security issues fixed. See references for release notes.
Description:
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13.
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.12.45 packages and security update Advisory ID: RHSA-2023:7610-03 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:7610 Issue date: 2023-12-06 Revision: 03 CVE Names: CVE-2023-44487 ====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:7608
Security Fix(es):
-
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
-
python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Solution:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2246310
. ========================================================================== Ubuntu Security Notice USN-6427-2 October 19, 2023
dotnet8 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
.NET could be made to crash if it received specially crafted network traffic.
Software Description: - dotnet8: .NET CLI tools and runtime
Details:
USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8.
Original advisory details:
It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-8.0 8.0.0~rc2-0ubuntu1 dotnet-host-8.0 8.0.0~rc2-0ubuntu1 dotnet-hostfxr-8.0 8.0.0~rc2-0ubuntu1 dotnet-runtime-8.0 8.0.0~rc2-0ubuntu1 dotnet-sdk-8.0 8.0.100~rc2-0ubuntu1 dotnet8 8.0.100-8.0.0~rc2-0ubuntu1
In general, a standard system update will make all the necessary changes.
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node healthcheck operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "secure dynamic attributes connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"model": "varnish cache",
"scope": "lt",
"trust": 1.0,
"vendor": "varnish cache",
"version": "2023-10-10"
},
{
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nginx plus",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "build of quarkus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.100"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "cost management",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2\\(7\\)"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "kong gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "konghq",
"version": "3.4.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "prime network registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "integration camel k",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "integration service registry",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "migration toolkit for applications",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "solr",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.4.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "iot field network director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.11.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "openshift distributed tracing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"model": "cbl-mariner",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-11"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "big-ip next",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "20.0.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.2"
},
{
"model": "unified contact center enterprise - live data server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6.2"
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(5\\)"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "caddy",
"scope": "lt",
"trust": 1.0,
"vendor": "caddyserver",
"version": "2.7.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "expressway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "nghttp2",
"scope": "lt",
"trust": 1.0,
"vendor": "nghttp2",
"version": "1.57.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "unified contact center domain manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.0"
},
{
"model": "openshift secondary scheduler operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.1"
},
{
"model": "grpc",
"scope": "gte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.0"
},
{
"model": "swiftnio http\\/2",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.28.0"
},
{
"model": "openshift dev spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "windows 10 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19044.3570"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "opensearch data prepper",
"scope": "lt",
"trust": 1.0,
"vendor": "amazon",
"version": "2.5.0"
},
{
"model": "telepresence video communication server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.003.009"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "linkerd",
"scope": "lte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.5"
},
{
"model": "service interconnect",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "machine deletion remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.5"
},
{
"model": "windows 11 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22000.2538"
},
{
"model": "traefik",
"scope": "eq",
"trust": 1.0,
"vendor": "traefik",
"version": "3.0.0"
},
{
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ios xr",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.11.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.0"
},
{
"model": "ultra cloud core - serving gateway function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "secure malware analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.19.2"
},
{
"model": "self node remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.80"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(1\\)"
},
{
"model": "cryostat",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"model": "grpc",
"scope": "lte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.59.2"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift api for data protection",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "integration camel for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "support for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "prime infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.4"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.93"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r25"
},
{
"model": "web terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(2\\)"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "ceph storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "proxygen",
"scope": "lt",
"trust": 1.0,
"vendor": "facebook",
"version": "2023.10.16.00"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.2"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.0"
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "windows 10 1607",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.14393.6351"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "node maintenance operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "networking",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "grpc",
"scope": "eq",
"trust": 1.0,
"vendor": "grpc",
"version": "1.57.0"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "run once duration override operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.2"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.56.3"
},
{
"model": "windows 10 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19045.3570"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.13"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "advanced cluster management for kubernetes",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.21.4.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows 10 1809",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.17763.4974"
},
{
"model": "prime cable provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.1"
},
{
"model": "service telemetry framework",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.5"
},
{
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "crosswork data gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "contour",
"scope": "lt",
"trust": 1.0,
"vendor": "projectcontour",
"version": "2023-10-11"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.1.9"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r30"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.3"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.17.6"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift sandboxed containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.427"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "jboss data grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.0.0"
},
{
"model": "azure kubernetes service",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-08"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.53"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "process automation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "logging subsystem for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.24.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.27.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "crosswork situation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "ultra cloud core - policy control function",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.3"
},
{
"model": "connected mobile experiences",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.1"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "jboss a-mq streams",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.18.2"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.2"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.17"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.2"
},
{
"model": "3scale api management platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "ansible automation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.3"
},
{
"model": "traefik",
"scope": "lt",
"trust": 1.0,
"vendor": "traefik",
"version": "2.10.5"
},
{
"model": "openshift gitops",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "go",
"scope": "gte",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.0"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.17"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.25.2"
},
{
"model": "windows server 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.20"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "ultra cloud core - session management function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "ultra cloud core - policy control function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "17.1"
},
{
"model": "network observability operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "http",
"scope": "eq",
"trust": 1.0,
"vendor": "ietf",
"version": "2.0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "openshift developer tools and services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.26.4"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fence agents remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "kazu yamamoto",
"version": "4.2.2"
},
{
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "17.15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fog director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.22"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.20.10"
},
{
"model": "migration toolkit for virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "prime access registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.3"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "windows 11 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22621.2428"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "cert-manager operator for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "migration toolkit for containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openshift data science",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "h2o",
"scope": "lt",
"trust": 1.0,
"vendor": "dena",
"version": "2023-10-10"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.2"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "akka",
"version": "10.5.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.1"
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.414.2"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift container platform assisted installer",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "astra control center",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "secure web appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.1.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.25.9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.6.1"
},
{
"model": "openshift serverless",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.3.0"
},
{
"model": "armeria",
"scope": "lt",
"trust": 1.0,
"vendor": "linecorp",
"version": "1.26.0"
},
{
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "build of optaplanner",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "linkerd",
"scope": "gte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
}
],
"trust": 0.9
},
"cve": "CVE-2023-44487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-44487",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\nThe purpose of this text-only errata is to inform you about the security issues fixed. See references for release notes. \n\n\n\n\nDescription:\n\nThis asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. \n\n\n\n\nDescription:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.12.45 packages and security update\nAdvisory ID: RHSA-2023:7610-03\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:7610\nIssue date: 2023-12-06\nRevision: 03\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:7608\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html\n\n\nSolution:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2243296\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2246310\n\n. ==========================================================================\nUbuntu Security Notice USN-6427-2\nOctober 19, 2023\n\ndotnet8 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n\nSummary:\n\n.NET could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- dotnet8: .NET CLI tools and runtime\n\nDetails:\n\nUSN-6427-1 fixed a vulnerability in .NET. This update\nprovides the corresponding update for .NET 8. \n\nOriginal advisory details:\n\n It was discovered that the .NET Kestrel web server did not properly \nhandle\n HTTP/2 requests. A remote attacker could possibly use this issue to\n cause a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n aspnetcore-runtime-8.0 8.0.0~rc2-0ubuntu1\n dotnet-host-8.0 8.0.0~rc2-0ubuntu1\n dotnet-hostfxr-8.0 8.0.0~rc2-0ubuntu1\n dotnet-runtime-8.0 8.0.0~rc2-0ubuntu1\n dotnet-sdk-8.0 8.0.100~rc2-0ubuntu1\n dotnet8 8.0.100-8.0.0~rc2-0ubuntu1\n\nIn general, a standard system update will make all the necessary changes. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44487",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/19/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/20/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/9",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/08/13/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "175342",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175248",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175211",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"id": "VAR-202310-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.384739252
},
"last_update_date": "2026-03-09T20:20:55.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"trust": 1.0,
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"trust": 1.0,
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"trust": 1.0,
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"trust": 1.0,
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"trust": 1.0,
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"trust": 1.0,
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"trust": 1.0,
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.0,
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"trust": 1.0,
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
},
{
"trust": 1.0,
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"trust": 1.0,
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"trust": 1.0,
"url": "https://github.com/bcdannyboy/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"trust": 1.0,
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"trust": 1.0,
"url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"trust": 1.0,
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"trust": 1.0,
"url": "https://ubuntu.com/security/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"trust": 1.0,
"url": "https://github.com/golang/go/issues/63417"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"trust": 1.0,
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"trust": 1.0,
"url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
},
{
"trust": 1.0,
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"trust": 1.0,
"url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://github.com/kong/kong/discussions/11741"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.0,
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
},
{
"trust": 1.0,
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"trust": 1.0,
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
},
{
"trust": 1.0,
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"trust": 1.0,
"url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"trust": 1.0,
"url": "https://github.com/microsoft/cbl-mariner/pull/6381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"trust": 1.0,
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000137106"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"trust": 1.0,
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://github.com/line/armeria/pull/5232"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"trust": 1.0,
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-http2-reset-d8kf32vz"
},
{
"trust": 1.0,
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"trust": 1.0,
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"trust": 1.0,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
},
{
"trust": 1.0,
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"trust": 1.0,
"url": "https://github.com/azure/aks/issues/3947"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"trust": 1.0,
"url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"trust": 1.0,
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2023-q4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6117"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6117.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6137.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6080"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6080.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5978.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5715.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6144.json"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246310"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7608"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7610"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6427-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0~rc2-0ubuntu1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6427-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5924.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5850.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5850"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-26T14:32:57",
"db": "PACKETSTORM",
"id": "175342"
},
{
"date": "2023-10-26T14:34:38",
"db": "PACKETSTORM",
"id": "175348"
},
{
"date": "2023-10-24T15:57:22",
"db": "PACKETSTORM",
"id": "175307"
},
{
"date": "2023-10-23T14:26:48",
"db": "PACKETSTORM",
"id": "175273"
},
{
"date": "2023-10-23T14:21:23",
"db": "PACKETSTORM",
"id": "175263"
},
{
"date": "2023-10-30T12:35:28",
"db": "PACKETSTORM",
"id": "175390"
},
{
"date": "2023-12-07T13:59:56",
"db": "PACKETSTORM",
"id": "176087"
},
{
"date": "2023-10-20T14:37:00",
"db": "PACKETSTORM",
"id": "175248"
},
{
"date": "2023-10-20T14:32:43",
"db": "PACKETSTORM",
"id": "175231"
},
{
"date": "2023-10-19T13:51:14",
"db": "PACKETSTORM",
"id": "175211"
},
{
"date": "2023-10-10T14:15:10.883000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-07T19:00:41.810000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175248"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2023-6117-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
}
],
"trust": 0.1
}
}
VAR-201405-0541
Vulnerability from variot - Updated: 2026-03-09 20:10Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.52 Apache Tomcat 6.0.0 to 6.0.39. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:052 http://www.mandriva.com/en/support/security/
Package : tomcat Date : March 3, 2015 Affected: Business Server 1.0
Problem Description:
Updated tomcat packages fix security vulnerabilities:
Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286).
Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).
In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227). The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS NzlDtJatpPDeZdZ4nlO1fgg= =NWBY -----END PGP SIGNATURE----- . (CVE-2014-0096)
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. Solution:
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update Advisory ID: RHSA-2014:0834-02 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0834.html Issue date: 2014-07-03 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 =====================================================================
- Summary:
Updated tomcat6 packages that fix three security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 2 for RHEL 5 Server - noarch Red Hat JBoss Web Server 2 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. (CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.
This update also fixes the following bug:
The tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a dependency of Red Hat JBoss Web Server 2.0.1, included a build of commons-dbcp.jar that used an incorrect java package name, causing applications using this dependency to not function properly. With this update, the java package name has been corrected. (BZ#1101287)
All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat6 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
- Package List:
Red Hat JBoss Web Server 2 for RHEL 5 Server:
Source: tomcat6-6.0.37-20_patch_04.ep6.el5.src.rpm
noarch: tomcat6-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-admin-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-docs-webapp-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-el-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-javadoc-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-lib-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-log4j-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm
Red Hat JBoss Web Server 2 for RHEL 6 Server:
Source: tomcat6-6.0.37-29_patch_05.ep6.el6.src.rpm
noarch: tomcat6-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-admin-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-docs-webapp-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-el-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-javadoc-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-lib-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-log4j-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTtaQUXlSAg2UNWIIRAnQNAJ9XOAJ7/QdoJa25ws3FiVfBOatOVwCgoOfn nr2IjzFsTM7cxwO3OBPd6HY= =oNNp -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the oldstable distribution (wheezy), these problems have been fixed in version 6.0.45+dfsg-1~deb7u1. Description:
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section.
CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
CVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
CVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
CVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding input filter
CVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied XSLTs
CVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious content length header
CVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web application
CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation
CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter
CVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller role check implementation
CVE-2014-3490 RESTEasy: XXE via parameter entities
CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage
CVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via ReflectionHelper
CVE-2014-3578 spring: Spring Framework: Directory traversal
CVE-2014-3625 spring: Spring Framework: directory traversal flaw
CVE-2014-3682 jbpm-designer: XXE in BPMN2 import
CVE-2014-8114 UberFire: Information disclosure and RCE via insecure file upload/download servlets
CVE-2014-8115 KIE Workbench: Insufficient authorization constraints
Red Hat would like to thank James Roper of Typesafe for reporting the CVE-2014-0193 issue, CA Technologies for reporting the CVE-2014-3472 issue, Alexander Papadakis for reporting the CVE-2014-3530 issue, and David Jorm for reporting the CVE-2014-8114 and CVE-2014-8115 issues
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1.4"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.4"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.21"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2014.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.21"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.5"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.1.0"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.52"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "rational test virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.11"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"_id": null,
"model": "rational test virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.23"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.5"
},
{
"_id": null,
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.1"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "secure analytics 2014.3r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.5"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.41"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "openvms csws java",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.29"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"_id": null,
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "aura application server sip core pb23",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"_id": null,
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "cognos business viewpoint fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.44"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "rational automation framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.14"
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.8.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"_id": null,
"model": "jboss web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0.1"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "flex system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.34"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.3"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"_id": null,
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.2"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2.1"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "cognos business viewpoint fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "secure analytics 2013.2r9",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.41"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.21"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "aura application server sip core pb28",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.5"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2014.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"_id": null,
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.32"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.29"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.3.0"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.3"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.11"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.4"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "jboss enterprise web server el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"_id": null,
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.3"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.45"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application server sip core pb19",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.0"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.33"
},
{
"_id": null,
"model": "security threat response manager 2013.2r9",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.3.0"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.6"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.1.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"_id": null,
"model": "smartcloud provisioning fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.11"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.0"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.3"
},
{
"_id": null,
"model": "rational lifecycle adapter for hp alm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.2"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"_id": null,
"model": "smartcloud provisioning fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.35"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "smartcloud provisioning fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.15"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.9.0"
},
{
"_id": null,
"model": "aura application server sip core pb26",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"_id": null,
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.2.17.03"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.4"
},
{
"_id": null,
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"_id": null,
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"_id": null,
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "rational lifecycle adapter for hp alm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "qradar security information and event manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.13"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"_id": null,
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.0"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.22"
},
{
"_id": null,
"model": "qradar security information and event manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "aura application server sip core pb25",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "flashsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8400"
},
{
"_id": null,
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.36.01"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.51"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.0"
},
{
"_id": null,
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.12"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.5"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.5"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "flex system",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "big-ip wom hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.1"
},
{
"_id": null,
"model": "aura application server sip core pb16",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "rational automation framework ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.5"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "cognos business viewpoint fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "jboss enterprise web server el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "smartcloud provisioning fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.31"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "67668"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
},
{
"db": "NVD",
"id": "CVE-2014-0099"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "130429"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0099",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0099",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0099",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-588",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
},
{
"db": "NVD",
"id": "CVE-2014-0099"
}
]
},
"description": {
"_id": null,
"data": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Apache Tomcat is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. \nThe following versions are vulnerable:\nApache Tomcat 8.0.0-RC1 to 8.0.3\nApache Tomcat 7.0.0 to 7.0.52\nApache Tomcat 6.0.0 to 6.0.39. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:052\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date : March 3, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat packages fix security vulnerabilities:\n \n Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP\n connector is used, does not properly handle certain inconsistent HTTP\n request headers, which allows remote attackers to trigger incorrect\n identification of a request\u0026#039;s length and conduct request-smuggling\n attacks via (1) multiple Content-Length headers or (2) a Content-Length\n header and a Transfer-Encoding: chunked header (CVE-2013-4286). \n \n Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding\n without properly handling (1) a large total amount of chunked data or\n (2) whitespace characters in an HTTP header value within a trailer\n field, which allows remote attackers to cause a denial of service by\n streaming data (CVE-2013-4322). \n \n java/org/apache/catalina/servlets/DefaultServlet.java in the default\n servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\n properly restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read arbitrary files\n via a crafted web application that provides an XML external entity\n declaration in conjunction with an entity reference, related to an\n XML External Entity (XXE) issue (CVE-2014-0096). \n \n In Apache Tomcat 7.x before 7.0.55, it was possible to craft a\n malformed chunk as part of a chunked request that caused Tomcat to\n read part of the request body as a new request (CVE-2014-0227). The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU9XSSmqjQ0CJFipgRAorsAKDX0BTWLEiMn3+FR9/Xn58Pw7GIMwCfRAbS\nNzlDtJatpPDeZdZ4nlO1fgg=\n=NWBY\n-----END PGP SIGNATURE-----\n. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update\nAdvisory ID: RHSA-2014:0834-02\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0834.html\nIssue date: 2014-07-03\nCVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat6 packages that fix three security issues and one bug are now\navailable for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5\nand 6. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server - noarch\nRed Hat JBoss Web Server 2 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. \n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity. \n\nThis update also fixes the following bug:\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a\ndependency of Red Hat JBoss Web Server 2.0.1, included a build of\ncommons-dbcp.jar that used an incorrect java package name, causing\napplications using this dependency to not function properly. With this\nupdate, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat6 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n\n6. Package List:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server:\n\nSource:\ntomcat6-6.0.37-20_patch_04.ep6.el5.src.rpm\n\nnoarch:\ntomcat6-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-el-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-javadoc-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-lib-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-log4j-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm\n\nRed Hat JBoss Web Server 2 for RHEL 6 Server:\n\nSource:\ntomcat6-6.0.37-29_patch_05.ep6.el6.src.rpm\n\nnoarch:\ntomcat6-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-el-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-javadoc-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-lib-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-log4j-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0075.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0096.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0099.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTtaQUXlSAg2UNWIIRAnQNAJ9XOAJ7/QdoJa25ws3FiVfBOatOVwCgoOfn\nnr2IjzFsTM7cxwO3OBPd6HY=\n=oNNp\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1. Description:\n\nRed Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes. \n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM\nSuite 6.0.3, and includes bug fixes and enhancements. It includes various\nbug fixes, which are listed in the README file included with the patch\nfiles. \n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section. \n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3682 jbpm-designer: XXE in BPMN2 import\n\nCVE-2014-8114 UberFire: Information disclosure and RCE via insecure file\nupload/download servlets\n\nCVE-2014-8115 KIE Workbench: Insufficient authorization constraints\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue, CA Technologies for reporting the CVE-2014-3472 issue,\nAlexander Papadakis for reporting the CVE-2014-3530 issue, and David Jorm\nfor reporting the CVE-2014-8114 and CVE-2014-8115 issues",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0099"
},
{
"db": "BID",
"id": "67668"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "136437"
},
{
"db": "PACKETSTORM",
"id": "130429"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0099",
"trust": 2.6
},
{
"db": "BID",
"id": "67668",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "59678",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60793",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59835",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59849",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59121",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59732",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59873",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60729",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1030302",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10657",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "130430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130617",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127336",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127335",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136437",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130429",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "67668"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "136437"
},
{
"db": "PACKETSTORM",
"id": "130429"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
},
{
"db": "NVD",
"id": "CVE-2014-0099"
}
]
},
"id": "VAR-201405-0541",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.452724815
},
"last_update_date": "2026-03-09T20:10:06.569000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-189",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0099"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.9,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.9,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.7,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1030302"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60729"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59121"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59732"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/may/138"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59678"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59835"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
},
{
"trust": 1.6,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/67668"
},
{
"trust": 1.6,
"url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59873"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59849"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/may/140"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60793"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0842.html"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0834.html"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0833.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682740"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686477"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0843.html"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10657\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100182149"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04851013"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04223376"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04483248"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684910"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677448"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678135"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0827.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0835.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0836.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683334"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004849"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682393"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004867"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004860"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683430"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683445"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677222"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684768"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679568"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691579"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004997"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020714"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691580"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676983"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15432.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678892"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685137"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0096.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0075.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0099.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2013-4002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8115"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2013-5855"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0005"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3472"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3472"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3578"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0227"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0075"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2012-6153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0119"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3578"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3682"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8115"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0235.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=distributions\u0026version=6.0.3"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0148.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0081.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.2.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0230"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0234.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=distributions\u0026version=6.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "67668"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "136437"
},
{
"db": "PACKETSTORM",
"id": "130429"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
},
{
"db": "NVD",
"id": "CVE-2014-0099"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "67668",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130430",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130617",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127366",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127336",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127335",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136437",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130429",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0099",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "BID",
"id": "67668",
"ident": null
},
{
"date": "2015-02-17T22:24:00",
"db": "PACKETSTORM",
"id": "130430",
"ident": null
},
{
"date": "2015-03-03T16:54:21",
"db": "PACKETSTORM",
"id": "130617",
"ident": null
},
{
"date": "2014-07-07T20:28:32",
"db": "PACKETSTORM",
"id": "127366",
"ident": null
},
{
"date": "2014-07-03T23:00:39",
"db": "PACKETSTORM",
"id": "127336",
"ident": null
},
{
"date": "2014-07-03T23:00:31",
"db": "PACKETSTORM",
"id": "127335",
"ident": null
},
{
"date": "2016-03-26T13:13:00",
"db": "PACKETSTORM",
"id": "136437",
"ident": null
},
{
"date": "2015-02-17T22:23:00",
"db": "PACKETSTORM",
"id": "130429",
"ident": null
},
{
"date": "2014-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-588",
"ident": null
},
{
"date": "2014-05-31T11:17:13.297000",
"db": "NVD",
"id": "CVE-2014-0099",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-05-23T16:27:00",
"db": "BID",
"id": "67668",
"ident": null
},
{
"date": "2019-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-588",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0099",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130617"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127336"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Apache Tomcat Digital error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-588"
}
],
"trust": 0.6
}
}
VAR-202005-1052
Vulnerability from variot - Updated: 2026-03-09 19:59When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484) The fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329).
For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8 TjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW 1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE mpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO 0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG 2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI 9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv REID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L tTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5 RtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2 iG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS bTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU= =E8Ei -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
- ========================================================================== Ubuntu Security Notice USN-6908-1 July 23, 2024
tomcat vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description: - tomcat7: Servlet 3.0 and JSP 2.2 Java API classes
Details:
It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. (CVE-2020-9484, CVE-2021-25329)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS libservlet3.0-java 7.0.78-1ubuntu0.1~esm1 Available with Ubuntu Pro
Ubuntu 16.04 LTS libservlet3.0-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro libtomcat7-java 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro tomcat7 7.0.68-1ubuntu0.4+esm2 Available with Ubuntu Pro
Ubuntu 14.04 LTS libservlet3.0-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro libtomcat7-java 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro tomcat7 7.0.52-1ubuntu0.16+esm1 Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: tomcat security update Advisory ID: RHSA-2020:2530-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2530 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary:
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr UqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy QjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt AxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp Lf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy U6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1 whBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0 jAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU 8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK mytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5 VtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o yI/DufEuzcM\xbfNT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.104:7 >= 7.0.104:7 < 8.5.55:8.5 >= 8.5.55:8.5
Description
Apache Tomcat improperly handles deserialization of files under specific circumstances.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.104"
All Apache Tomcat 8.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.55"
References
[ 1 ] CVE-2020-9484 https://nvd.nist.gov/vuln/detail/CVE-2020-9484 [ 2 ] Upstream advisory (7) https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104 [ 3 ] Upstream advisory (8.5) https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-21
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.1"
},
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.10.0"
},
{
"_id": null,
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.108"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.9.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21c"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4.0.5"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.43"
},
{
"_id": null,
"model": "fmw platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "10.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "siebel apps - marketing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.9"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.3"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "workload manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.1"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.63"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9484",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-9484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-187609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2020-9484",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"description": {
"_id": null,
"data": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat\u0027s use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484)\nThe fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8\nTjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW\n1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE\nmpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO\n0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG\n2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI\n9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv\nREID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L\ntTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5\nRtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2\niG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS\nbTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU=\n=E8Ei\n-----END PGP SIGNATURE-----\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers\n1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature\n1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability\n1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack\n1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling\n1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack\n1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution\n1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability\n1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath\n1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file\n1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n\n5. ==========================================================================\nUbuntu Security Notice USN-6908-1\nJuly 23, 2024\n\ntomcat vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet 3.0 and JSP 2.2 Java API classes\n\nDetails:\n\nIt was discovered that the Tomcat SSI printenv command echoed user\nprovided data without escaping it. An attacker could possibly use this\nissue to perform an XSS attack. (CVE-2019-0221)\n\nIt was discovered that Tomcat incorrectly handled certain uncommon\nPersistenceManager with FileStore configurations. \n(CVE-2020-9484, CVE-2021-25329)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS\nlibservlet3.0-java 7.0.78-1ubuntu0.1~esm1\nAvailable with Ubuntu Pro\n\nUbuntu 16.04 LTS\nlibservlet3.0-java 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\nlibtomcat7-java 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\ntomcat7 7.0.68-1ubuntu0.4+esm2\nAvailable with Ubuntu Pro\n\nUbuntu 14.04 LTS\nlibservlet3.0-java 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\nlibtomcat7-java 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\ntomcat7 7.0.52-1ubuntu0.16+esm1\nAvailable with Ubuntu Pro\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat support for Spring Boot provides an application platform that\nreduces the complexity of developing and operating applications (monoliths\nand microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: tomcat security update\nAdvisory ID: RHSA-2020:2530-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2530\nIssue date: 2020-06-11\nCVE Names: CVE-2020-9484\n====================================================================\n1. Summary:\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. \n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to\nRCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.76-12.el7_8.src.rpm\n\nnoarch:\ntomcat-7.0.76-12.el7_8.noarch.rpm\ntomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm\ntomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-lib-7.0.76-12.el7_8.noarch.rpm\ntomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm\ntomcat-webapps-7.0.76-12.el7_8.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\ntomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm\ntomcat-javadoc-7.0.76-12.el7_8.noarch.rpm\ntomcat-jsvc-7.0.76-12.el7_8.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-9484\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr\nUqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy\nQjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt\nAxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp\nLf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy\nU6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1\nwhBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0\njAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU\n8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK\nmytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5\nVtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o\nyI/DufEuzcM\\xbfNT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.104:7 \u003e= 7.0.104:7 \n \u003c 8.5.55:8.5 \u003e= 8.5.55:8.5 \n\nDescription\n===========\n\nApache Tomcat improperly handles deserialization of files under\nspecific circumstances. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.104\"\n\nAll Apache Tomcat 8.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-8.5.55\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-9484\n https://nvd.nist.gov/vuln/detail/CVE-2020-9484\n[ 2 ] Upstream advisory (7)\n https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\n[ 3 ] Upstream advisory (8.5)\n https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202006-21\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9484"
},
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
}
],
"trust": 1.98
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-187609",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9484",
"trust": 2.2
},
{
"db": "PACKETSTORM",
"id": "157924",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10332",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/01/2",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "158029",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158032",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158049",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158034",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158050",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158103",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158621",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158030",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167841",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159666",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98234",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-34449",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1078",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168857",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179696",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "VULMON",
"id": "CVE-2020-9484"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"id": "VAR-202005-1052",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T19:59:58.474000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202509 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202530 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202506 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202487 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202529 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202483 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat9: CVE-2020-9484",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cc55062b1693f83a222063668ffd932c"
},
{
"title": "Red Hat: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203017 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1389",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1389"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1390",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1390"
},
{
"title": "Arch Linux Advisories: [ASA-202006-5] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-5"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1449",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1449"
},
{
"title": "Arch Linux Advisories: [ASA-202006-7] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-7"
},
{
"title": "Arch Linux Advisories: [ASA-202005-19] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-19"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1493",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1493"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-008",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASTOMCAT8.5-2023-008"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1491",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1491"
},
{
"title": "Arch Linux Advisories: [ASA-202005-18] tomcat9: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-18"
},
{
"title": "Arch Linux Advisories: [ASA-202006-6] tomcat7: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202006-6"
},
{
"title": "Arch Linux Advisories: [ASA-202005-20] tomcat8: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-20"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-9484 log"
},
{
"title": "Debian Security Advisories: DSA-4727-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=948379f644728cd78397969845b23817"
},
{
"title": "Debian Security Advisories: DSA-5265-1 tomcat9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ff46eee51fe9c568d7579825e9f7646"
},
{
"title": "Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5360-1"
},
{
"title": "Amazon Linux 2: ALASTOMCAT8.5-2023-009",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASTOMCAT8.5-2023-009"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b4bdf241c7e678e09423e98e7d3134b8"
},
{
"title": "IBM: Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6625900b3dffe0c4351300480ad4824f"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.11.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225532 - Security Advisory"
},
{
"title": "https://github.com/osamahamad/CVE-2020-9484-Mass-Scan",
"trust": 0.1,
"url": "https://github.com/osamahamad/CVE-2020-9484-Mass-Scan "
},
{
"title": "https://github.com/anjai94/CVE-2020-9484-exploit",
"trust": 0.1,
"url": "https://github.com/anjai94/CVE-2020-9484-exploit "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/DXY0411/CVE-2020-9484 "
},
{
"title": "CVE-2020-9484",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/CVE-2020-9484 "
},
{
"title": "summary",
"trust": 0.1,
"url": "https://github.com/Catbamboo/Catbamboo.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9484"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202006-21"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4727"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/jun/6"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4448-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4596-1/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10332"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9484"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10332"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3cusers.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5410"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27807"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6908-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.spring.boot\u0026version=2.1.15"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2530"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=5.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2506"
},
{
"trust": 0.1,
"url": "https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.104"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.55"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187609"
},
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158050"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158049"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
},
{
"db": "PACKETSTORM",
"id": "158103"
},
{
"db": "NVD",
"id": "CVE-2020-9484"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168857",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "179696",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158029",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158050",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158621",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158049",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158034",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158032",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158103",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"date": "2020-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168857",
"ident": null
},
{
"date": "2021-08-12T15:42:56",
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"date": "2024-07-24T13:32:46",
"db": "PACKETSTORM",
"id": "179696",
"ident": null
},
{
"date": "2020-06-11T16:32:58",
"db": "PACKETSTORM",
"id": "158029",
"ident": null
},
{
"date": "2020-06-11T16:36:37",
"db": "PACKETSTORM",
"id": "158050",
"ident": null
},
{
"date": "2020-07-27T18:44:59",
"db": "PACKETSTORM",
"id": "158621",
"ident": null
},
{
"date": "2020-06-11T16:36:30",
"db": "PACKETSTORM",
"id": "158049",
"ident": null
},
{
"date": "2020-06-11T16:33:52",
"db": "PACKETSTORM",
"id": "158034",
"ident": null
},
{
"date": "2020-06-11T16:33:22",
"db": "PACKETSTORM",
"id": "158032",
"ident": null
},
{
"date": "2020-06-16T00:56:11",
"db": "PACKETSTORM",
"id": "158103",
"ident": null
},
{
"date": "2020-05-20T19:15:09.257000",
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-187609",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9484",
"ident": null
},
{
"date": "2024-11-21T05:40:44.420000",
"db": "NVD",
"id": "CVE-2020-9484",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "179696"
}
],
"trust": 0.2
},
"title": {
"_id": null,
"data": "Debian Security Advisory 4727-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "168857"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "168857"
},
{
"db": "PACKETSTORM",
"id": "158029"
},
{
"db": "PACKETSTORM",
"id": "158621"
},
{
"db": "PACKETSTORM",
"id": "158034"
},
{
"db": "PACKETSTORM",
"id": "158032"
}
],
"trust": 0.5
}
}
VAR-201607-0321
Vulnerability from variot - Updated: 2026-03-07 22:37The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a specially crafted request may result in the server's CPU resources to be exhausted. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update Advisory ID: RHSA-2017:0455-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:0455 Issue date: 2015-11-12 Updated on: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- Package List:
Red Hat JBoss Web Server 3.1 for RHEL 6:
Source: hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm tomcat7-7.0.70-16.ep7.el6.src.rpm tomcat8-8.0.36-17.ep7.el6.src.rpm
i386: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm
noarch: hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat7-7.0.70-16.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat8-8.0.36-17.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm
ppc64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw /PBR7pUGLbNA0xtWDwAi0Xk= =Y+gP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-39
https://security.gentoo.org/
Severity: Low Title: Apache Commons FileUpload: Multiple vulnerabilities Date: July 17, 2021 Bugs: #739350 ID: 202107-39
Synopsis
Multiple vulnerabilities have been found in Apache Commons FileUpload, the worst of which could result in a Denial of Service condition.
Background
The Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to your servlets and web applications.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/commons-fileupload <= 1.3 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Apache Commons FileUpload. We recommend that users unmerge it:
# emerge --ask --depclean "dev-java/commons-fileupload"
NOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload have discontinued support at this time. It may be possible that a new Gentoo developer will update Apache Commons FileUpload at a later date. We do not have a suggestion for a replacement at this time.
References
[ 1 ] CVE-2013-0248 https://nvd.nist.gov/vuln/detail/CVE-2013-0248 [ 2 ] CVE-2014-0050 https://nvd.nist.gov/vuln/detail/CVE-2014-0050 [ 3 ] CVE-2016-3092 https://nvd.nist.gov/vuln/detail/CVE-2016-3092
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-39
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.
A local attacker, who is a tomcat's system user or belongs to tomcat=E2=80= =99s group, could potentially escalate privileges.
Resolution
All Apache Tomcat users have to manually check their Tomcat runscripts to make sure that they don't use an old, vulnerable runscript.
http://creativecommons.org/licenses/by-sa/2.5
--SKKBd9VlC8wusCVbXKC9aaUtloHAjIa1g--
.
The References section of this erratum contains a download link (you must log in to download the update). ========================================================================== Ubuntu Security Notice USN-3024-1 July 05, 2016
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Tomcat. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174)
It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)
It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706)
It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714)
It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763)
It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. (CVE-2016-3092)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libtomcat7-java 7.0.68-1ubuntu0.1
Ubuntu 15.10: libtomcat7-java 7.0.64-1ubuntu0.3
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.6
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.7
In general, a standard system update will make all the necessary changes. (JIRA#JWS-268)
- A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.
For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u3.
For the testing distribution (stretch), this problem has been fixed in version 7.0.70-1.
For the unstable distribution (sid), this problem has been fixed in version 7.0.70-1.
We recommend that you upgrade your tomcat7 packages. Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.
Security Fix(es):
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-3092)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2016-0706)
-
References:
https://access.redhat.com/security/cve/CVE-2015-5346 https://access.redhat.com/security/cve/CVE-2015-5351 https://access.redhat.com/security/cve/CVE-2016-0706 https://access.redhat.com/security/cve/CVE-2016-0714 https://access.redhat.com/security/cve/CVE-2016-0763 https://access.redhat.com/security/cve/CVE-2016-3092 Security Impact: https://access.redhat.com/security/updates/classification/#important
8
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"_id": null,
"model": "icewall identity manager",
"scope": "eq",
"trust": 1.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "icewall sso agent option",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.0"
},
{
"_id": null,
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.5.x"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 to 7.0.69"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 to 8.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 to 8.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 to 9.0.0m6"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.2 to 1.2.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3 to 1.3.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"_id": null,
"model": "jg748aae hp imc ent sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"_id": null,
"model": "jg550aae hp pmm to imc bsc wlm upgr w/150ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.6"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.10"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.4"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"_id": null,
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "tivoli monitoring fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.5"
},
{
"_id": null,
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"_id": null,
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.11"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "tivoli monitoring fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "jd814a hp a-imc enterprise edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"_id": null,
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.11"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.11"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.6.8003"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.10"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.2"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "jf378aae hp imc ent s/w pltfrm w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"_id": null,
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"_id": null,
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.8"
},
{
"_id": null,
"model": "jd808a hp imc ent platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.0.0"
},
{
"_id": null,
"model": "rational directory server ifix9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "jd816a hp a-imc standard edition software dvd media",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "control center 6.1.0.0ifix02",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9.1"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.3"
},
{
"_id": null,
"model": "jg768aae hp pcm+ to imc std upg w/ 200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.0"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.7"
},
{
"_id": null,
"model": "jg660aae hp imc smart connect w/wlm vae e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"_id": null,
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"_id": null,
"model": "jd815a hp imc std platform w/100-node license",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.04"
},
{
"_id": null,
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "bigfix remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.06"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "websphere application server liberty profil",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "control center ifix08",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"_id": null,
"model": "commons-fileupload library",
"scope": "eq",
"trust": 0.3,
"vendor": "jenkins ci",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.8"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.7"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.6"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.1.0"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.6"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8"
},
{
"_id": null,
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"_id": null,
"model": "algo credit administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.3"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "bigfix remote control",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"_id": null,
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.07"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"_id": null,
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"_id": null,
"model": "jf289aae hp enterprise management system to intelligent manageme",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"_id": null,
"model": "jf378a hp imc ent s/w platform w/200-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.0"
},
{
"_id": null,
"model": "tivoli monitoring fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.9"
},
{
"_id": null,
"model": "tivoli monitoring fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"_id": null,
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.10"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"_id": null,
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"_id": null,
"model": "infosphere information server blueprint director",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "jg546aae hp imc basic sw platform w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.5.7958"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.4"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.10"
},
{
"_id": null,
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "atlas ediscovery process management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"_id": null,
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "control center ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.08"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"_id": null,
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"_id": null,
"model": "jd125a hp imc std s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "algo credit manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "tomcat 9.0.0m8",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.4.7895"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.8"
},
{
"_id": null,
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"_id": null,
"model": "algo one",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"_id": null,
"model": "jg549aae hp pcm+ to imc std upgr w/200-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.12.2"
},
{
"_id": null,
"model": "tivoli monitoring fp7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.39"
},
{
"_id": null,
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "b2b advanced communications 1.0.0.5 1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "algo credit limits",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.7.0"
},
{
"_id": null,
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"_id": null,
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.9"
},
{
"_id": null,
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "disposal and governance management for it",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.1"
},
{
"_id": null,
"model": "solaris sru11.6",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"_id": null,
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "websphere application server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.4.1102"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"_id": null,
"model": "jg747aae hp imc std sw plat w/ nodes e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"_id": null,
"model": "jg548aae hp pcm+ to imc bsc upgr w/50-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.3.7856"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.7"
},
{
"_id": null,
"model": "spectrum control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.9"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.05"
},
{
"_id": null,
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.6.0.0"
},
{
"_id": null,
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.5"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"_id": null,
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "tivoli storage manager for virtual environments",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"_id": null,
"model": "tivoli enterprise portal server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "global retention policy and schedule management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"_id": null,
"model": "control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.1.3"
},
{
"_id": null,
"model": "case manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"_id": null,
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"_id": null,
"model": "jg767aae hp imc smcnct wsm vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "infosphere information governance catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"_id": null,
"model": "tomcat for hp-ux b.11.31",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.70.01"
},
{
"_id": null,
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "jg590aae hp imc bsc wlan mgr sw pltfm ap e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "500"
},
{
"_id": null,
"model": "case manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"_id": null,
"model": "jf288aae hp network director to intelligent management center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "jg766aae hp imc smcnct vrtl applnc sw e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "jd126a hp imc ent s/w platform w/100-node",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "icewall sso password reset option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.5.2.2"
},
{
"_id": null,
"model": "support assistant team server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.2"
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"_id": null,
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4.1"
},
{
"_id": null,
"model": "infosphere information server business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"_id": null,
"model": "jf377a hp imc std s/w platform w/100-node lic",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"_id": null,
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "control center 6.0.0.0ifix03",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "infosphere metadata asset manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3"
},
{
"_id": null,
"model": "security guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"_id": null,
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.3.01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "infosphere qualitystage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.5"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"_id": null,
"model": "jf377aae hp imc std s/w pltfrm w/100-node e-ltu",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.4"
},
{
"_id": null,
"model": "control center 6.1.0.0ifix01",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"_id": null,
"model": "infosphere metadata workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "algo one algo risk application",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"_id": null,
"model": "control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5.1"
},
{
"_id": null,
"model": "infosphere business glossary",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
}
],
"sources": [
{
"db": "BID",
"id": "91453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:commons_fileupload",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "PACKETSTORM",
"id": "139771"
}
],
"trust": 0.5
},
"cve": "CVE-2016-3092",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-3092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000121",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3092",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000121",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000121",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"description": {
"_id": null,
"data": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). TERASOLUNA FW(Struts1) Team of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a specially crafted request may result in the server\u0027s CPU resources to be exhausted. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to become unresponsive; resulting in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update\nAdvisory ID: RHSA-2017:0455-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0455\nIssue date: 2015-11-12\nUpdated on: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 3 for RHEL 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to\nRed Hat Enterprise Linux 6. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. Package List:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6:\n\nSource:\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat7-7.0.70-16.ep7.el6.src.rpm\ntomcat8-8.0.36-17.ep7.el6.src.rpm\n\ni386:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm\n\nnoarch:\nhibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat7-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat8-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm\n\nppc64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw\n/PBR7pUGLbNA0xtWDwAi0Xk=\n=Y+gP\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache Commons FileUpload: Multiple vulnerabilities\n Date: July 17, 2021\n Bugs: #739350\n ID: 202107-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Commons FileUpload,\nthe worst of which could result in a Denial of Service condition. \n\nBackground\n==========\n\nThe Apache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to your servlets and web\napplications. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/commons-fileupload\n \u003c= 1.3 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for Apache Commons FileUpload. We\nrecommend that users unmerge it:\n\n # emerge --ask --depclean \"dev-java/commons-fileupload\"\n\nNOTE: The Gentoo developer(s) maintaining Apache Commons FileUpload\nhave discontinued support at this time. It may be possible that a new\nGentoo developer will update Apache Commons FileUpload at a later date. \nWe do not have a suggestion for a replacement at this time. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-0248\n https://nvd.nist.gov/vuln/detail/CVE-2013-0248\n[ 2 ] CVE-2014-0050\n https://nvd.nist.gov/vuln/detail/CVE-2014-0050\n[ 3 ] CVE-2016-3092\n https://nvd.nist.gov/vuln/detail/CVE-2016-3092\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-39\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. It is based on JBoss Application Server 7 and incorporates\nmultiple open-source projects to provide a complete Java EE platform\nsolution. \n\nA local attacker, who is a tomcat\u0027s system user or belongs to tomcat=E2=80=\n=99s\ngroup, could potentially escalate privileges. \n\nResolution\n==========\n\nAll Apache Tomcat users have to manually check their Tomcat runscripts\nto make sure that they don\u0027t use an old, vulnerable runscript. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--SKKBd9VlC8wusCVbXKC9aaUtloHAjIa1g--\n\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). ==========================================================================\nUbuntu Security Notice USN-3024-1\nJuly 05, 2016\n\ntomcat6, tomcat7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. A remote attacker could use this issue to possibly list a parent\ndirectory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2015-5174)\n\nIt was discovered that the Tomcat mapper component incorrectly handled\nredirects. A remote attacker could use this issue to determine the\nexistence of a directory. This issue only affected Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 15.10. A\nremote attacker could possibly use this issue to hijack web sessions. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. A remote attacker could possibly use this\nissue to bypass CSRF protection mechanisms. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.10. (CVE-2015-5351)\n\nIt was discovered that Tomcat did not place StatusManagerServlet on the\nRestrictedServlets list. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0706)\n\nIt was discovered that the Tomcat session-persistence implementation\nincorrectly handled session attributes. A remote attacker could possibly\nuse this issue to execute arbitrary code in a privileged context. This\nissue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. \n(CVE-2016-0714)\n\nIt was discovered that the Tomcat setGlobalContext method incorrectly\nchecked if callers were authorized. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 15.10. (CVE-2016-0763)\n\nIt was discovered that the Tomcat Fileupload library incorrectly handled\ncertain upload requests. (CVE-2016-3092)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libtomcat7-java 7.0.68-1ubuntu0.1\n\nUbuntu 15.10:\n libtomcat7-java 7.0.64-1ubuntu0.3\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.6\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.7\n\nIn general, a standard system update will make all the necessary changes. \n(JIRA#JWS-268)\n\n4. A remote attacker can take advantage of this flaw\nby sending file upload requests that cause the HTTP server using the\nApache Commons Fileupload library to become unresponsive, preventing the\nserver from servicing other requests. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u3. \n\nFor the testing distribution (stretch), this problem has been fixed\nin version 7.0.70-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0.70-1. \n\nWe recommend that you upgrade your tomcat7 packages. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. It contains security fixes for the Tomcat 7\ncomponent. Only users of the Tomcat 7 component in JBoss Web Server need to\napply the fixes delivered in this release. \n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2016-0706)\n\n4. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5346\nhttps://access.redhat.com/security/cve/CVE-2015-5351\nhttps://access.redhat.com/security/cve/CVE-2016-0706\nhttps://access.redhat.com/security/cve/CVE-2016-0714\nhttps://access.redhat.com/security/cve/CVE-2016-0763\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nSecurity Impact: https://access.redhat.com/security/updates/classification/#important\n\n8",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "163537"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "137800"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "PACKETSTORM",
"id": "137753"
},
{
"db": "PACKETSTORM",
"id": "139771"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-3092",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN89379547",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"trust": 1.9
},
{
"db": "BID",
"id": "91453",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036427",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037029",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036900",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1039606",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2016-3092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163537",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137773",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139771",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "163537"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "137800"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "PACKETSTORM",
"id": "137753"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"id": "VAR-201607-0321",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2026-03-07T22:37:50.650000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fwd: CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"trust": 0.8,
"url": "https://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3C45A20804-ABFF-4FED-A297-69AC95AB9A3F@apache.org%3E"
},
{
"title": "Download Apache Commons FileUpload -- Apache Commons FileUpload 1.3.2",
"trust": 0.8,
"url": "https://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi"
},
{
"title": "Fixed in Apache Tomcat 8.5.3 and 8.0.36",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.3_and_8.0.36"
},
{
"title": "Fixed in Apache Tomcat 7.0.70",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.70"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M8"
},
{
"title": "Revision 1743480",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"title": "Revision 1743722",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"title": "Revision 1743738",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"title": "Revision 1743742",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"title": "DSA-3609",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3609"
},
{
"title": "DSA-3611",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3611"
},
{
"title": "DSA-3614",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3614"
},
{
"title": "CVE-2016-3092(JVN#89379547)",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-3092"
},
{
"title": "HS16-026",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-026/index.html"
},
{
"title": "HS16-029",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-029/index.html"
},
{
"title": "HS16-030",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-030/index.html"
},
{
"title": "hitachi-sec-2017-105",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-105/index.html"
},
{
"title": "HS16-022",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-022/index.html"
},
{
"title": "HPSBGN03631",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05204371"
},
{
"title": "NV16-018",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-018.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"title": "TERASOLUNA Framework",
"trust": 0.8,
"url": "https://en.osdn.jp/projects/terasoluna/"
},
{
"title": "Bug 1349468",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"title": "USN-3024-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-3024-1/"
},
{
"title": "USN-3027-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-3027-1/"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162069 - Security Advisory"
},
{
"title": "Red Hat: Moderate: jboss-ec2-eap security and enhancement update for EAP 6.4.11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162072 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162068 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162070 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3611-1 libcommons-fileupload-java -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=824a6eb444fe6417647eb1c1fb51c0f6"
},
{
"title": "Ubuntu Security Notice: tomcat8 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3027-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162807 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162808 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-736",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-736"
},
{
"title": "Red Hat: CVE-2016-3092",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-3092"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3024-1"
},
{
"title": "Debian Security Advisories: DSA-3609-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35ca6a1e2d09521d71af74a1e27d6cbd"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "http://jvn.jp/en/jp/jvn89379547/index.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.4,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3027-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3024-1"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91453"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2808.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2807.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2072.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000121"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3ccaf8hoz%2bpq2qh8rnxbujyok1doz6jrtiqypac%2bh8g6ozkbg%2bcxg%40mail.gmail.com%3e"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05204371"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05289840"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324759"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037029"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036900"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036427"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039606"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2599.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2071.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2070.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2069.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2068.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3092"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3092"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9a3f@apache.org%3e"
},
{
"trust": 0.3,
"url": "https://jenkins.io/security/advisory/2017-10-11/"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05204371"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05289840"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324759"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.70"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021649"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986641"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21990830"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21992916"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009566"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009571"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987864"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988198"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988279"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988584"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988585"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988586"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989359"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990120"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990236"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990262"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990386"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990394"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990424"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990451"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990884"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991786"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991837"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991866"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992457"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993879"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995043"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995382"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995611"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995686"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5174"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-5346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0706"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-5351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:2069"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3611"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3027-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8745"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5345"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5346"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0706"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0714"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3092"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.64-1ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.68-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.6"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3092"
},
{
"db": "BID",
"id": "91453"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "163537"
},
{
"db": "PACKETSTORM",
"id": "139164"
},
{
"db": "PACKETSTORM",
"id": "137800"
},
{
"db": "PACKETSTORM",
"id": "142561"
},
{
"db": "PACKETSTORM",
"id": "139770"
},
{
"db": "PACKETSTORM",
"id": "137773"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "PACKETSTORM",
"id": "137753"
},
{
"db": "PACKETSTORM",
"id": "139771"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
},
{
"db": "NVD",
"id": "CVE-2016-3092"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2016-3092",
"ident": null
},
{
"db": "BID",
"id": "91453",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141509",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163537",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139164",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137800",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142561",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139770",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137773",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141510",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137753",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139771",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-3092",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092",
"ident": null
},
{
"date": "2016-06-21T00:00:00",
"db": "BID",
"id": "91453",
"ident": null
},
{
"date": "2017-03-08T00:54:47",
"db": "PACKETSTORM",
"id": "141509",
"ident": null
},
{
"date": "2021-07-19T15:31:29",
"db": "PACKETSTORM",
"id": "163537",
"ident": null
},
{
"date": "2016-10-18T13:58:15",
"db": "PACKETSTORM",
"id": "139164",
"ident": null
},
{
"date": "2016-07-07T01:45:33",
"db": "PACKETSTORM",
"id": "137800",
"ident": null
},
{
"date": "2017-05-18T04:17:44",
"db": "PACKETSTORM",
"id": "142561",
"ident": null
},
{
"date": "2016-11-17T23:52:49",
"db": "PACKETSTORM",
"id": "139770",
"ident": null
},
{
"date": "2016-07-05T18:11:00",
"db": "PACKETSTORM",
"id": "137773",
"ident": null
},
{
"date": "2017-03-08T00:55:08",
"db": "PACKETSTORM",
"id": "141510",
"ident": null
},
{
"date": "2016-07-02T17:22:00",
"db": "PACKETSTORM",
"id": "137753",
"ident": null
},
{
"date": "2016-11-17T23:52:54",
"db": "PACKETSTORM",
"id": "139771",
"ident": null
},
{
"date": "2016-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"ident": null
},
{
"date": "2016-07-04T22:59:04.303000",
"db": "NVD",
"id": "CVE-2016-3092",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3092",
"ident": null
},
{
"date": "2019-04-17T07:00:00",
"db": "BID",
"id": "91453",
"ident": null
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000121",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-3092",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000121"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "91453"
}
],
"trust": 0.3
}
}
VAR-201306-0139
Vulnerability from variot - Updated: 2026-03-07 22:33Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. Oracle Java SE is prone to a frame-injection vulnerability. Successful exploits may allow attackers to redirect victims to a malicious website. This may lead to other attacks. This vulnerability affects the following supported versions: 7 Update 21 , 6 Update 45 , 5.0 Update 45 , JavaFX 2.2.21.
A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976).
It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials (CVE-2013-2067).
Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTBGbfmqjQ0CJFipgRAqoFAJ9rlsBNuojSUoFTrtzjClT1Baj4GACg3oCE t3Cmz3RfMCdPvQPAOR3vuf4= =bOtM -----END PGP SIGNATURE-----
.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30
http://security.gentoo.org/
Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea.
References
[ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-1907-2 July 16, 2013
icedtea-web update
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
IcedTea Web updated to work with new OpenJDK 7.
Software Description: - icedtea-web: A web browser plugin to execute Java applets
Details:
USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7.
Original advisory details:
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458)
A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)
Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)
Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: icedtea-netx 1.3.2-1ubuntu1.1
Ubuntu 12.10: icedtea-netx 1.3.2-1ubuntu0.12.10.2
Ubuntu 12.04 LTS: icedtea-netx 1.2.3-0ubuntu0.12.04.3
After a standard system update you need to restart your browser to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03874547
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03874547 Version: 1
HPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-07-31 Last Updated: 2013-07-31
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.19 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2407 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2013-2412 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-2437 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2442 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-2451 (AV:L/AC:H/Au:N/C:P/I:P/A:P) 3.7 CVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2453 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2461 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2466 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2468 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2470 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/java
OS Version Release Version
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.20 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0 update to Java v6.0.20 or subsequent PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.20.00 or subsequent
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.20.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 31 July 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update Advisory ID: RHSA-2013:1059-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1059.html Issue date: 2013-07-15 CVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3743 =====================================================================
- Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR14 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375) 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243) 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248) 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253) 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257) 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438) 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597) 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601) 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071) 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328) 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744) 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554) 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038) 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642) 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120) 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124) 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330) 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033) 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812) 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318) 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638) 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132) 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703) 975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730) 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034) 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D) 975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT) 975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment) 975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
ppc: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
ppc64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm
s390x: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm
x86_64: java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm java-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-1500.html https://www.redhat.com/security/data/cve/CVE-2013-1571.html https://www.redhat.com/security/data/cve/CVE-2013-2407.html https://www.redhat.com/security/data/cve/CVE-2013-2412.html https://www.redhat.com/security/data/cve/CVE-2013-2437.html https://www.redhat.com/security/data/cve/CVE-2013-2442.html https://www.redhat.com/security/data/cve/CVE-2013-2443.html https://www.redhat.com/security/data/cve/CVE-2013-2444.html https://www.redhat.com/security/data/cve/CVE-2013-2446.html https://www.redhat.com/security/data/cve/CVE-2013-2447.html https://www.redhat.com/security/data/cve/CVE-2013-2448.html https://www.redhat.com/security/data/cve/CVE-2013-2450.html https://www.redhat.com/security/data/cve/CVE-2013-2451.html https://www.redhat.com/security/data/cve/CVE-2013-2452.html https://www.redhat.com/security/data/cve/CVE-2013-2453.html https://www.redhat.com/security/data/cve/CVE-2013-2454.html https://www.redhat.com/security/data/cve/CVE-2013-2455.html https://www.redhat.com/security/data/cve/CVE-2013-2456.html https://www.redhat.com/security/data/cve/CVE-2013-2457.html https://www.redhat.com/security/data/cve/CVE-2013-2459.html https://www.redhat.com/security/data/cve/CVE-2013-2463.html https://www.redhat.com/security/data/cve/CVE-2013-2464.html https://www.redhat.com/security/data/cve/CVE-2013-2465.html https://www.redhat.com/security/data/cve/CVE-2013-2466.html https://www.redhat.com/security/data/cve/CVE-2013-2468.html https://www.redhat.com/security/data/cve/CVE-2013-2469.html https://www.redhat.com/security/data/cve/CVE-2013-2470.html https://www.redhat.com/security/data/cve/CVE-2013-2471.html https://www.redhat.com/security/data/cve/CVE-2013-2472.html https://www.redhat.com/security/data/cve/CVE-2013-2473.html https://www.redhat.com/security/data/cve/CVE-2013-3743.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFR5F7SXlSAg2UNWIIRAoLZAJ0VjJsfypi7E/eTRM17TcAUxLApcgCeOawz KToQFuV/rQGbw/9j9N5it68= =y+B0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "2.2.7"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "2.2.4"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.9,
"vendor": "oracle",
"version": "2.2"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "2.2.5"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "2.1"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "2.2.3"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "2.0.2"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.6,
"vendor": "oracle",
"version": "2.0.3"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "javafx",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.2.21"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"_id": null,
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 35",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 33",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 32",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 17",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 13",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 43",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 41",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 7",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 35",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 36",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 9",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 8",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 21",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 13",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 12",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 11",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 10",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 43",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 45",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 39",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 37",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"_id": null,
"model": "jdk 1.7.0 7",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 4",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 35",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 32",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 38",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 36",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "2.2.21"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openoffice",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.7.0 12",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 45",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.7.0 21",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.7.0 17",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 41",
"scope": null,
"trust": 0.6,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "freeflow print server 93.e0.21c",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "freeflow print server 91.d2.32",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "freeflow print server 82.d1.44",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "freeflow print server 81.d0.73",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "freeflow print server 73.d2.33",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server sp3 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise java sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0.2"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1"
},
{
"_id": null,
"model": "javafx",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.0"
},
{
"_id": null,
"model": "trio tview software",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.27.0"
},
{
"_id": null,
"model": "suse core for",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9x86"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "core",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.5"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5)5.5"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jrockit r28.2.7",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r28.2.6",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r28.2.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r28.2.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r27.7.5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r27.7.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r27.7.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r27.7.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "websphere real time sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "websphere process server hypervisor edition for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere process server hypervisor edition for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere process server hypervisor edition for novell suse",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere process server hypervisor edition for novell suse",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere process server hypervisor edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere process server for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "websphere process server feature pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.01"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere process server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.3"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"_id": null,
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"_id": null,
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.11"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.25"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.24"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.23"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.22"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.21"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"_id": null,
"model": "websphere partner gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere operational decision management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.19"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.18"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.16"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.2"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.02"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.5"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.10"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.0"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "websphere ilog jrules",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "websphere front office development toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"_id": null,
"model": "websphere front office development toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "websphere front office development toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "websphere dynamic process edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere dynamic process edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "websphere dynamic process edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "websphere dynamic process edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.3"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.2"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.9"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.8"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.7"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.6"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.5"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.4"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.3"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.2"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.11"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.10"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "websphere commerce",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere business services fabric for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere business services fabric",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.141"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.33"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.32"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.22"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.20"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.18"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.14"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.12"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.10"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.33"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"_id": null,
"model": "websphere appliance management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "websphere appliance management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "virtualization engine ts7700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "tivoli workload scheduler for z/os connector fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "tivoli workload scheduler for z/os connector fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "tivoli workload scheduler for z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "tivoli system automation for integrated operations management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"_id": null,
"model": "tivoli storage productivity center fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"_id": null,
"model": "tivoli netcool/impact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "tivoli netcool/impact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tivoli netcool/impact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "tivoli netcool/impact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.33"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.32"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.29"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.104"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.203"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.1"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3.1"
},
{
"_id": null,
"model": "tivoli monitoring fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "tivoli monitoring fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.24"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.222"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.147"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.8"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.6"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.14"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.12"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.10"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.1"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"_id": null,
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "tivoli business service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "tivoli business service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tivoli business service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "tivoli business service manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.13"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.12"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.11"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.5"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.4"
},
{
"_id": null,
"model": "system storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1"
},
{
"_id": null,
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1"
},
{
"_id": null,
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56009.7"
},
{
"_id": null,
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"_id": null,
"model": "rational host on-demand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "rational host on-demand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.8"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.06"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.8"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.7"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.6"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.5"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.4"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.10"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.9"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.7"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.6"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.3"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.28"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.27"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.26"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.25"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.24"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.21"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.19"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.17"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.16"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.13"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.12"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.11"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.03"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.15"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.18"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.17"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.16"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.15"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.14"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.13"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.11"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.16"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.15"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.14"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.13"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.35"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.34"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.33"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.32"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.31"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.22"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.21"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.14"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.02"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "prerequisite scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.24"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.8"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.7"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.6"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.5"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.4"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "maximo asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "lotus symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "lotus symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.4"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.6"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.5"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.4"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.3"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.2"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.1"
},
{
"_id": null,
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.4"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.3"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.4"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.3"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.2"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2.1"
},
{
"_id": null,
"model": "lotus domino",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "java sdk sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "java sdk sr5-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "java sdk sr16-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5"
},
{
"_id": null,
"model": "java sdk sr13-fp17",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.2"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.0"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.4"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"_id": null,
"model": "infosphere master information hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"_id": null,
"model": "infosphere master information hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"_id": null,
"model": "infosphere enterprise records",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.1"
},
{
"_id": null,
"model": "infosphere custom domain hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "infosphere custom domain hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "infosphere custom domain hub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "informix jdbc 4.10.jc1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "ims enterprise suite",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"_id": null,
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "i v5r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "filenet records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.0"
},
{
"_id": null,
"model": "enterprise records",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "enterprise records",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.4.1"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.0"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4.0"
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-4"
},
{
"_id": null,
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-4"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "9.0"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.3"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "voice portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "conferencing standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "cms r16.3",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "cms r16",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "cms r15",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "call management system r17.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"_id": null,
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.5.0.15"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.4.0.15"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "openoffice sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "3.4.1"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.9.1"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5"
},
{
"_id": null,
"model": "trio tview software",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.29.0"
},
{
"_id": null,
"model": "websphere real time sr5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"_id": null,
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"_id": null,
"model": "websphere mq",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.11"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.12"
},
{
"_id": null,
"model": "virtualization engine ts7700",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.31.0.89"
},
{
"_id": null,
"model": "tivoli system automation for integrated operations management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.5"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.170"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.33"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.58"
},
{
"_id": null,
"model": "rational synergy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"_id": null,
"model": "rational business developer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.11"
},
{
"_id": null,
"model": "java sdk sr5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "java sdk sr6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "java sdk sr14",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "java sdk sr16-fp3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "java sdk sr13-fp18",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"_id": null,
"model": "infosphere streams",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "ant",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.9.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
},
{
"db": "BID",
"id": "60634"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
},
{
"db": "NVD",
"id": "CVE-2013-1571"
}
]
},
"credits": {
"_id": null,
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "60634"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1571",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-1571",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.0,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.4,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1571",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1571",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-1571",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-1571",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
},
{
"db": "VULMON",
"id": "CVE-2013-1571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
},
{
"db": "NVD",
"id": "CVE-2013-1571"
}
]
},
"description": {
"_id": null,
"data": "Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. Oracle Java SE is prone to a frame-injection vulnerability. \nSuccessful exploits may allow attackers to redirect victims to a malicious website. This may lead to other attacks. \nThis vulnerability affects the following supported versions:\n7 Update 21 , 6 Update 45 , 5.0 Update 45 , JavaFX 2.2.21. \n \n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on\n Tomcat could use this flaw to perform a symbolic link attack to change\n the ownership of an arbitrary system file to that of the tomcat user,\n allowing them to escalate their privileges to root (CVE-2013-1976). \n \n It was discovered that Tomcat incorrectly handled certain\n authentication requests. A remote attacker could possibly use this\n flaw to inject a request that would get executed with a victim\u0026#039;s\n credentials (CVE-2013-2067). \n \n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTBGbfmqjQ0CJFipgRAqoFAJ9rlsBNuojSUoFTrtzjClT1Baj4GACg3oCE\nt3Cmz3RfMCdPvQPAOR3vuf4=\n=bOtM\n-----END PGP SIGNATURE-----\n\n\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory pages, listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-30\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: January 27, 2014\n Bugs: #404071, #421073, #433094, #438706, #451206, #455174,\n #458444, #460360, #466212, #473830, #473980, #488210, #498148\n ID: 201401-30\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jdk \u003c= 1.6.0.45 Vulnerable!\n 2 dev-java/oracle-jdk-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 3 dev-java/sun-jre-bin \u003c= 1.6.0.45 Vulnerable!\n 4 dev-java/oracle-jre-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 5 app-emulation/emul-linux-x86-java\n \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 5 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities\nto execute arbitrary code. \nFurthermore, a local or remote attacker could exploit these\nvulnerabilities to cause unspecified impact, possibly including remote\nexecution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.51\"\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.51\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.51\"\n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one\nof the newer Oracle packages like dev-java/oracle-jdk-bin or\ndev-java/oracle-jre-bin or choose another alternative we provide; eg. \nthe IBM JDK/JRE or the open source IcedTea. \n\nReferences\n==========\n\n[ 1 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 2 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 3 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 4 ] CVE-2012-0498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498\n[ 5 ] CVE-2012-0499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499\n[ 6 ] CVE-2012-0500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500\n[ 7 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 8 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 9 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 10 ] CVE-2012-0504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504\n[ 11 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 12 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 13 ] CVE-2012-0507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507\n[ 14 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 15 ] CVE-2012-1531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531\n[ 16 ] CVE-2012-1532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532\n[ 17 ] CVE-2012-1533\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533\n[ 18 ] CVE-2012-1541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541\n[ 19 ] CVE-2012-1682\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682\n[ 20 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 21 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 22 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 23 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 24 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 25 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 26 ] CVE-2012-1721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721\n[ 27 ] CVE-2012-1722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722\n[ 28 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 29 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 30 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 31 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 32 ] CVE-2012-3136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136\n[ 33 ] CVE-2012-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143\n[ 34 ] CVE-2012-3159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159\n[ 35 ] CVE-2012-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174\n[ 36 ] CVE-2012-3213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213\n[ 37 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 38 ] CVE-2012-3342\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342\n[ 39 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 40 ] CVE-2012-4681\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681\n[ 41 ] CVE-2012-5067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067\n[ 42 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 43 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 44 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 45 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 46 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 47 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 48 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 49 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 50 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 51 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 52 ] CVE-2012-5079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079\n[ 53 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 54 ] CVE-2012-5083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083\n[ 55 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 56 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 57 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 58 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 59 ] CVE-2012-5088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088\n[ 60 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 61 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 62 ] CVE-2013-0351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351\n[ 63 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 64 ] CVE-2013-0402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402\n[ 65 ] CVE-2013-0409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409\n[ 66 ] CVE-2013-0419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419\n[ 67 ] CVE-2013-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422\n[ 68 ] CVE-2013-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423\n[ 69 ] CVE-2013-0430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430\n[ 70 ] CVE-2013-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437\n[ 71 ] CVE-2013-0438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438\n[ 72 ] CVE-2013-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445\n[ 73 ] CVE-2013-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446\n[ 74 ] CVE-2013-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448\n[ 75 ] CVE-2013-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449\n[ 76 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 77 ] CVE-2013-1473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473\n[ 78 ] CVE-2013-1479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479\n[ 79 ] CVE-2013-1481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481\n[ 80 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 81 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 82 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 83 ] CVE-2013-1487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487\n[ 84 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 85 ] CVE-2013-1491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491\n[ 86 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 87 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 88 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 89 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 90 ] CVE-2013-1540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540\n[ 91 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 92 ] CVE-2013-1558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558\n[ 93 ] CVE-2013-1561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561\n[ 94 ] CVE-2013-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563\n[ 95 ] CVE-2013-1564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564\n[ 96 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 97 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 98 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 99 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 100 ] CVE-2013-2394\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394\n[ 101 ] CVE-2013-2400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400\n[ 102 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 103 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 104 ] CVE-2013-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414\n[ 105 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 106 ] CVE-2013-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416\n[ 107 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 108 ] CVE-2013-2418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418\n[ 109 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 110 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 111 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 112 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 113 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 114 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 115 ] CVE-2013-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425\n[ 116 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 117 ] CVE-2013-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427\n[ 118 ] CVE-2013-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428\n[ 119 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 120 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 121 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 122 ] CVE-2013-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432\n[ 123 ] CVE-2013-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433\n[ 124 ] CVE-2013-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434\n[ 125 ] CVE-2013-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435\n[ 126 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 127 ] CVE-2013-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437\n[ 128 ] CVE-2013-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438\n[ 129 ] CVE-2013-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439\n[ 130 ] CVE-2013-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440\n[ 131 ] CVE-2013-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442\n[ 132 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 133 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 134 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 135 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 136 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 137 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 138 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 139 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 140 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 141 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 142 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 143 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 144 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 145 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 146 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 147 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 148 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 149 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 150 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 151 ] CVE-2013-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462\n[ 152 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 153 ] CVE-2013-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464\n[ 154 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 155 ] CVE-2013-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466\n[ 156 ] CVE-2013-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467\n[ 157 ] CVE-2013-2468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468\n[ 158 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 159 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 160 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 161 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 162 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 163 ] CVE-2013-3743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743\n[ 164 ] CVE-2013-3744\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744\n[ 165 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 166 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 167 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 168 ] CVE-2013-5775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775\n[ 169 ] CVE-2013-5776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776\n[ 170 ] CVE-2013-5777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777\n[ 171 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 172 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 173 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 174 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 175 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 176 ] CVE-2013-5787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787\n[ 177 ] CVE-2013-5788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788\n[ 178 ] CVE-2013-5789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789\n[ 179 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 180 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 181 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 182 ] CVE-2013-5801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801\n[ 183 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 184 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 185 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 186 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 187 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 188 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 189 ] CVE-2013-5810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810\n[ 190 ] CVE-2013-5812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812\n[ 191 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 192 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 193 ] CVE-2013-5818\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818\n[ 194 ] CVE-2013-5819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819\n[ 195 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 196 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 197 ] CVE-2013-5824\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824\n[ 198 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 199 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 200 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 201 ] CVE-2013-5831\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831\n[ 202 ] CVE-2013-5832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832\n[ 203 ] CVE-2013-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838\n[ 204 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 205 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 206 ] CVE-2013-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843\n[ 207 ] CVE-2013-5844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844\n[ 208 ] CVE-2013-5846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846\n[ 209 ] CVE-2013-5848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848\n[ 210 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 211 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 212 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 213 ] CVE-2013-5852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852\n[ 214 ] CVE-2013-5854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854\n[ 215 ] CVE-2013-5870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870\n[ 216 ] CVE-2013-5878\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878\n[ 217 ] CVE-2013-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887\n[ 218 ] CVE-2013-5888\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888\n[ 219 ] CVE-2013-5889\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889\n[ 220 ] CVE-2013-5893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893\n[ 221 ] CVE-2013-5895\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895\n[ 222 ] CVE-2013-5896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896\n[ 223 ] CVE-2013-5898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898\n[ 224 ] CVE-2013-5899\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899\n[ 225 ] CVE-2013-5902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902\n[ 226 ] CVE-2013-5904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904\n[ 227 ] CVE-2013-5905\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905\n[ 228 ] CVE-2013-5906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906\n[ 229 ] CVE-2013-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907\n[ 230 ] CVE-2013-5910\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910\n[ 231 ] CVE-2014-0368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368\n[ 232 ] CVE-2014-0373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373\n[ 233 ] CVE-2014-0375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375\n[ 234 ] CVE-2014-0376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376\n[ 235 ] CVE-2014-0382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382\n[ 236 ] CVE-2014-0385\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385\n[ 237 ] CVE-2014-0387\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387\n[ 238 ] CVE-2014-0403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403\n[ 239 ] CVE-2014-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408\n[ 240 ] CVE-2014-0410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410\n[ 241 ] CVE-2014-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411\n[ 242 ] CVE-2014-0415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415\n[ 243 ] CVE-2014-0416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416\n[ 244 ] CVE-2014-0417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417\n[ 245 ] CVE-2014-0418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418\n[ 246 ] CVE-2014-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422\n[ 247 ] CVE-2014-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423\n[ 248 ] CVE-2014-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424\n[ 249 ] CVE-2014-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-30.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-1907-2\nJuly 16, 2013\n\nicedtea-web update\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nIcedTea Web updated to work with new OpenJDK 7. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n\nDetails:\n\nUSN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes,\nIcedTea Web needed an update to work with the new OpenJDK 7. \n\nOriginal advisory details:\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n information disclosure and data integrity. An attacker could exploit these\n to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454,\n CVE-2013-2458)\n\n A vulnerability was discovered in the OpenJDK Javadoc related to data\n integrity. (CVE-2013-1571)\n\n A vulnerability was discovered in the OpenJDK JRE related to information\n disclosure and availability. An attacker could exploit this to cause a\n denial of service or expose sensitive data over the network. An attacker could exploit these to expose sensitive\n data over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446,\n CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to\n availability. An attacker could exploit these to cause a denial of service. An attacker could\n exploit these to cause a denial of service or expose sensitive data over\n the network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460,\n CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470,\n CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)\n\n Several vulnerabilities were discovered in the OpenJDK JRE related to data\n integrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.04:\n icedtea-netx 1.3.2-1ubuntu1.1\n\nUbuntu 12.10:\n icedtea-netx 1.3.2-1ubuntu0.12.10.2\n\nUbuntu 12.04 LTS:\n icedtea-netx 1.2.3-0ubuntu0.12.04.3\n\nAfter a standard system update you need to restart your browser to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03874547\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03874547\nVersion: 1\n\nHPSBUX02908 rev.1 - HP-UX Running Java6, Remote Unauthorized Access,\nDisclosure of Information, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-07-31\nLast Updated: 2013-07-31\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the Java Runtime\nEnvironment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other exploits. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.19 and\nearlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-1500 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6\nCVE-2013-1571 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2013-2407 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2013-2412 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2433 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2013-2437 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2442 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2013-2444 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2445 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2013-2446 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2447 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2013-2450 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-2451 (AV:L/AC:H/Au:N/C:P/I:P/A:P) 3.7\nCVE-2013-2452 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2453 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2013-2454 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2013-2455 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2456 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-2457 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2013-2459 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2461 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2013-2463 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2464 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2466 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2468 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2470 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2471 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2472 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-2473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2013-3743 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \n\nThe upgrade is available from the following location\n\nhttp://www.hp.com/java\n\nOS Version\n Release Version\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.20 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0 update to Java v6.0.20 or subsequent\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\n===========\nJdk60.JDK60-COM\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\nJre60.JRE60-COM\nJre60.JRE60-COM-DOC\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\naction: install revision 1.6.0.20.00 or subsequent\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\naction: install revision 1.6.0.20.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 31 July 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-ibm security update\nAdvisory ID: RHSA-2013:1059-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-1059.html\nIssue date: 2013-07-15\nCVE Names: CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 \n CVE-2013-2412 CVE-2013-2437 CVE-2013-2442 \n CVE-2013-2443 CVE-2013-2444 CVE-2013-2446 \n CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 \n CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 \n CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 \n CVE-2013-2457 CVE-2013-2459 CVE-2013-2463 \n CVE-2013-2464 CVE-2013-2465 CVE-2013-2466 \n CVE-2013-2468 CVE-2013-2469 CVE-2013-2470 \n CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 \n CVE-2013-3743 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443,\nCVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450,\nCVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,\nCVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464,\nCVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571. \n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR14 release. All running\ninstances of IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)\n975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)\n975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)\n975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)\n975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)\n975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)\n975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)\n975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)\n975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)\n975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)\n975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)\n975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)\n975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)\n975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)\n975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)\n975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)\n975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)\n975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)\n975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)\n975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)\n975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)\n975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)\n975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)\n975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)\n975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)\n975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)\n975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)\n975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)\n975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)\n975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)\n975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\n\nppc:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390.rpm\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-accessibility-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.i386.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\n\nppc64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.ppc64.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-demo-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.i686.rpm\njava-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-javacomm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-jdbc-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-plugin-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\njava-1.6.0-ibm-src-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-1500.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-1571.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2407.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2412.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2437.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2442.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2443.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2444.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2446.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2447.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2448.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2450.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2451.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2452.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2453.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2454.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2455.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2456.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2457.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2459.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2463.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2464.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2465.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2466.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2468.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2469.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2470.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2471.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2472.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2473.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-3743.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFR5F7SXlSAg2UNWIIRAoLZAJ0VjJsfypi7E/eTRM17TcAUxLApcgCeOawz\nKToQFuV/rQGbw/9j9N5it68=\n=y+B0\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1571"
},
{
"db": "CERT/CC",
"id": "VU#225657"
},
{
"db": "BID",
"id": "60634"
},
{
"db": "VULMON",
"id": "CVE-2013-1571"
},
{
"db": "PACKETSTORM",
"id": "125296"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "122405"
},
{
"db": "PACKETSTORM",
"id": "126195"
},
{
"db": "PACKETSTORM",
"id": "124943"
},
{
"db": "PACKETSTORM",
"id": "122439"
},
{
"db": "PACKETSTORM",
"id": "122653"
},
{
"db": "PACKETSTORM",
"id": "122651"
},
{
"db": "PACKETSTORM",
"id": "122404"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/225657",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-1571",
"trust": 2.9
},
{
"db": "CERT/CC",
"id": "VU#225657",
"trust": 2.8
},
{
"db": "BID",
"id": "60634",
"trust": 2.0
},
{
"db": "USCERT",
"id": "TA13-169A",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "54154",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293",
"trust": 0.6
},
{
"db": "HITACHI",
"id": "HS13-015",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-02",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2013-1571",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122405",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122653",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122404",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
},
{
"db": "VULMON",
"id": "CVE-2013-1571"
},
{
"db": "BID",
"id": "60634"
},
{
"db": "PACKETSTORM",
"id": "125296"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "122405"
},
{
"db": "PACKETSTORM",
"id": "126195"
},
{
"db": "PACKETSTORM",
"id": "124943"
},
{
"db": "PACKETSTORM",
"id": "122439"
},
{
"db": "PACKETSTORM",
"id": "122653"
},
{
"db": "PACKETSTORM",
"id": "122651"
},
{
"db": "PACKETSTORM",
"id": "122404"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
},
{
"db": "NVD",
"id": "CVE-2013-1571"
}
]
},
"id": "VAR-201306-0139",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2026-03-07T22:33:52.427000Z",
"patch": {
"_id": null,
"data": [
{
"title": "jre-7u25-linux-i586",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46256"
},
{
"title": "jre-7u25-macosx-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46260"
},
{
"title": "jre-7u25-solaris-sparcv9",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46264"
},
{
"title": "jre-7u25-windows-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46268"
},
{
"title": "jre-7u25-linux-i586",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46255"
},
{
"title": "jre-7u25-macosx-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46259"
},
{
"title": "jre-7u25-solaris-sparc",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46263"
},
{
"title": "jre-7u25-windows-i586",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46267"
},
{
"title": "jre-7u25-linux-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46258"
},
{
"title": "jre-7u25-solaris-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46262"
},
{
"title": "jre-7u25-windows-i586",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46266"
},
{
"title": "jre-7u25-linux-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46257"
},
{
"title": "jre-7u25-solaris-i586",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46261"
},
{
"title": "jre-7u25-windows-i586-iftw",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46265"
},
{
"title": "jre-7u25-windows-x64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46269"
},
{
"title": "Ubuntu Security Notice: openjdk-7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1907-1"
},
{
"title": "Ubuntu Security Notice: icedtea-web update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1907-2"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1908-1"
},
{
"title": "Debian Security Advisories: DSA-2727-1 openjdk-6 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e7d6ea8eb77ee8911e5bbc08ff43f55c"
},
{
"title": "Debian Security Advisories: DSA-2722-1 openjdk-7 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=29128f887c1069c9cc8e265bacca4512"
},
{
"title": "Amazon Linux AMI: ALAS-2013-207",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-207"
},
{
"title": "Amazon Linux AMI: ALAS-2013-204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-204"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131456 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
},
{
"title": "JavadocUpdaterTool",
"trust": 0.1,
"url": "https://github.com/AdoptOpenJDK/JavadocUpdaterTool "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-java-patch-update-pushes-2013-totals-past-last-year/101014/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1571"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1571"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.9,
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/60634"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/225657"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1060.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1059.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973474"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0963.html"
},
{
"trust": 1.7,
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/54154"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1081.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03898880"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1456.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/ncas/alerts/ta13-169a"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=137545592101387\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=137545505800971\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:183"
},
{
"trust": 1.7,
"url": "http://advisories.mageia.org/mgasa-2013-0185.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19718"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19667"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19518"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17215"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2014:0414"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3ccommits.openoffice.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://tools.ietf.org/html/rfc3986#section-4.2"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/java/javase/jdk-7-readme-429198.html"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/java/javase/documentation/index-jsp-135444.html"
},
{
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/java/javase/downloads/java-doc-updater-tool-1955731.html"
},
{
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641464"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2013-1571"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3ccommits.openoffice.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1571"
},
{
"trust": 0.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653308"
},
{
"trust": 0.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653309"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2456"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2407"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2447"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2452"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2463"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2465"
},
{
"trust": 0.5,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2453"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2464"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2455"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2457"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2459"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2442"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2412"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2448"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2437"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2446"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2444"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2454"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2450"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1500"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2466"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2451"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2469"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2461"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/tomcat-6.0-doc/changelog.html"
},
{
"trust": 0.3,
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=55132"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/ant/release-notes-1.9.2.html"
},
{
"trust": 0.3,
"url": "http://www.openoffice.org/security/cves/cve-2013-1571.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21650778"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas36583326fc6c02fdf86257bc60079968c"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/#fixed_in_apache_tomcat_6.0.39"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27039500"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04126444"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jtfhr2..t.cyta.7%2a%2ak.bw89mq%5f%5fdehufqb0"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jtfhr2..t.cytc.7%2a%2ak.bw89mq%5f%5fdeoifqd0"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jz8iz8..t.d3wy.82bm.bw89mq%5f%5fcviafmb0"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-015/index.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641206"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21642006"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641358"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001621"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640206"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641335"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648302"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641323"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641452"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647015"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?rs=630\u0026uid=swg21641202"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641311"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641065"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100173341"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21642589"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650811"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1019760"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100175056"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641215"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21642114"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642100"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642222"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644918"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647384"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649701"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21643697"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650599"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004514"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642032"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647020"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21647009"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642016"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653854"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641223"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655854"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645500"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648074"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21650653"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641184"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649711"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647620"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642027"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas384b70812e39ffb2d86257bbf00581b8d"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas301d21b03888172bd86257bbf00581b95"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas3d553b85edf79912386257bbf00581ba9"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas3a3a4ad6297e8c3df86257bbf00581bb1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652561"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641306"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24035907"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24035908"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641067"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036927"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-1908-1/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648194"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21641387"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641364"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648416"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648418"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648416"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21648418"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2458"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2449"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2468"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2445"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2443"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2400"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2460"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2462"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2470"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2471"
},
{
"trust": 0.2,
"url": "http://www.hp.com/java"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/adoptopenjdk/javadocupdatertool"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3544"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0082.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1976"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1976"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1571"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-3744.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2460.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2449.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2400.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2462.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2458.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0451.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0449.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5896.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5817.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5797.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2445.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2428.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0428.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0414.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5910.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0446.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5782.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5802.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5803.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5832.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5778.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5823.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5899.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5783.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0457.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5801.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5780.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2420.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2409.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6629.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0416.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0453.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6954.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5818.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5824.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5789.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0403.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5850.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5812.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5842.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0422.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5902.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5849.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0368.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5889.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0415.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2403.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0375.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5831.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0423.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5878.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5776.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0376.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5848.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2461.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0410.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5852.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5840.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2427.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-3829.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5907.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5772.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0373.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0458.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0411.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0460.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5905.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0417.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0424.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5819.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2412.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2398.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5820.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5809.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5898.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2421.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5884.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5825.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5774.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0461.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2423.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5830.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2414.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5784.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5887.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4002.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0418.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5906.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0387.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1876.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2401.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0456.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5790.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5787.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5804.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5843.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5888.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5814.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0429.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-5829.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0507"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0419"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5818"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5889"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2440"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0385"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3743"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5893"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3159"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5888"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0351"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5789"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1682"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5899"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5801"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5848"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0428"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1564"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3143"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0438"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5810"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5905"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201401-30.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5904"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5831"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3744"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5854"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2394"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5852"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0409"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2428"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4681"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2439"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2416"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3136"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5824"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3342"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1531"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1722"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5895"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0403"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2418"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5788"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0416"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0424"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5887"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0418"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0410"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2432"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1533"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2438"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1721"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5812"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3213"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5787"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2433"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5844"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1532"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2435"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5910"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5907"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2414"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2434"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0408"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0430"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5088"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.3.2-1ubuntu0.12.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.2.3-0ubuntu0.12.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.3.2-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2472"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1907-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1201908"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1907-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2433"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
},
{
"db": "VULMON",
"id": "CVE-2013-1571"
},
{
"db": "BID",
"id": "60634"
},
{
"db": "PACKETSTORM",
"id": "125296"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "122405"
},
{
"db": "PACKETSTORM",
"id": "126195"
},
{
"db": "PACKETSTORM",
"id": "124943"
},
{
"db": "PACKETSTORM",
"id": "122439"
},
{
"db": "PACKETSTORM",
"id": "122653"
},
{
"db": "PACKETSTORM",
"id": "122651"
},
{
"db": "PACKETSTORM",
"id": "122404"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
},
{
"db": "NVD",
"id": "CVE-2013-1571"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#225657",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2013-1571",
"ident": null
},
{
"db": "BID",
"id": "60634",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125296",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127267",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122405",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126195",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124943",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122439",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122653",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122404",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-1571",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#225657",
"ident": null
},
{
"date": "2013-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1571",
"ident": null
},
{
"date": "2013-06-18T00:00:00",
"db": "BID",
"id": "60634",
"ident": null
},
{
"date": "2014-02-20T00:11:57",
"db": "PACKETSTORM",
"id": "125296",
"ident": null
},
{
"date": "2014-06-30T23:39:28",
"db": "PACKETSTORM",
"id": "127267",
"ident": null
},
{
"date": "2013-07-15T14:57:00",
"db": "PACKETSTORM",
"id": "122405",
"ident": null
},
{
"date": "2014-04-17T22:01:36",
"db": "PACKETSTORM",
"id": "126195",
"ident": null
},
{
"date": "2014-01-27T18:30:13",
"db": "PACKETSTORM",
"id": "124943",
"ident": null
},
{
"date": "2013-07-17T00:04:34",
"db": "PACKETSTORM",
"id": "122439",
"ident": null
},
{
"date": "2013-08-02T15:12:49",
"db": "PACKETSTORM",
"id": "122653",
"ident": null
},
{
"date": "2013-08-02T15:05:49",
"db": "PACKETSTORM",
"id": "122651",
"ident": null
},
{
"date": "2013-07-15T14:54:00",
"db": "PACKETSTORM",
"id": "122404",
"ident": null
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-293",
"ident": null
},
{
"date": "2013-06-18T22:55:01.357000",
"db": "NVD",
"id": "CVE-2013-1571",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2013-06-26T00:00:00",
"db": "CERT/CC",
"id": "VU#225657",
"ident": null
},
{
"date": "2019-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1571",
"ident": null
},
{
"date": "2017-08-11T20:11:00",
"db": "BID",
"id": "60634",
"ident": null
},
{
"date": "2022-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-293",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-1571",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "125296"
},
{
"db": "PACKETSTORM",
"id": "122653"
},
{
"db": "PACKETSTORM",
"id": "122651"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-293"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Oracle Javadoc HTML frame injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#225657"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "60634"
}
],
"trust": 0.3
}
}
VAR-201405-0503
Vulnerability from variot - Updated: 2026-03-05 21:29Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. Apache Tomcat is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The following versions are vulnerable: Apache Tomcat 8.0.0-RC1 to 8.0.3 Apache Tomcat 7.0.0 to 7.0.53 Apache Tomcat 6.0.0 to 6.0.39. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Description:
Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:053 http://www.mandriva.com/en/support/security/
Package : tomcat6 Date : March 3, 2015 Affected: Business Server 1.0
Problem Description:
Updated tomcat6 packages fix security vulnerabilities:
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075).
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099).
In Apache Tomcat 6.x before 6.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227 http://advisories.mageia.org/MGASA-2014-0268.html http://advisories.mageia.org/MGASA-2015-0081.html
Updated Packages:
Mandriva Business Server 1/X86_64: 1e8a7ceba7befde2cc00e4692edbb2c4 mbs1/x86_64/tomcat6-6.0.43-1.mbs1.noarch.rpm 06f517754e9d043a05a465bfbc9511d9 mbs1/x86_64/tomcat6-admin-webapps-6.0.43-1.mbs1.noarch.rpm 12662943e4b7474eaeb884414c1542a3 mbs1/x86_64/tomcat6-docs-webapp-6.0.43-1.mbs1.noarch.rpm 0e93126df244648f82045ef4380d4680 mbs1/x86_64/tomcat6-el-2.1-api-6.0.43-1.mbs1.noarch.rpm f9856715fa849af74d5a4a6893111572 mbs1/x86_64/tomcat6-javadoc-6.0.43-1.mbs1.noarch.rpm df7e1851bec9805d843197db0f8fda41 mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.43-1.mbs1.noarch.rpm ed5b6f2cd6884b92613997b6dfd77cb7 mbs1/x86_64/tomcat6-lib-6.0.43-1.mbs1.noarch.rpm a273b8f736fd13fb066a6d7052eea925 mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.43-1.mbs1.noarch.rpm 127d1d1ecf7b6be75ac9f306f66f08fd mbs1/x86_64/tomcat6-systemv-6.0.43-1.mbs1.noarch.rpm 955d38f8c9dade3438dd254fe1778075 mbs1/x86_64/tomcat6-webapps-6.0.43-1.mbs1.noarch.rpm 816110f95d3ee2f6347c9c057695d6d0 mbs1/SRPMS/tomcat6-6.0.43-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFU9XyKmqjQ0CJFipgRAvukAKCI1DXuj5eJr1SVaNIoXhz9PUilpQCg0l4c 77X/s+2Ee3FYUp9lZWBmLRg= =pm31 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04851013
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04851013 Version: 1
HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-10-15 Last Updated: 2015-10-15
Potential Security Impact: Remote multiple vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts.
References:
CVE-2013-4286 CVE-2013-4322 CVE-2013-4444 CVE-2013-4590 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 CVE-2014-0230 CVE-2014-0277 SSRT101975
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS CSWS_JAVA v7.0.29 Tomcat
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-4322 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-4444 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2013-4590 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0230 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-0277 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software update to resolve the vulnerabilities in HP OpenVMS CSWS_Java.
"Cumulative security patch for vulnerabilities addressed on CSWS_JAVA v7.0.29"
http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac he/csws_java.html
HISTORY Version:1 (rev.1) - 15 October 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database.
CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack
CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file
CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter
CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application
CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation
CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter
CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE)
CVE-2014-3490 RESTEasy: XXE via parameter entities
CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage
CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider
CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state
Red Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, Alexander Papadakis for reporting CVE-2014-3530, and Rune Steinseth of JProfessionals for reporting CVE-2014-8122. Bugs fixed (https://bugzilla.redhat.com/):
1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file 1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions 1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 1105242 - CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE) 1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities 1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling andl imited DoS in ChunkedInputFilter 1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage 1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix 1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix 1157304 - CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods 1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider 1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 2.1.0 update Advisory ID: RHSA-2014:1086-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1086.html Issue date: 2014-08-21 CVE Names: CVE-2013-4590 CVE-2014-0118 CVE-2014-0119 CVE-2014-0221 CVE-2014-0226 CVE-2014-0231 =====================================================================
- Summary:
Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 6, Solaris, and Microsoft Windows.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes.
The following security issues are also fixed with this release:
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)
A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)
Note: This update provides a fix for the CVE-2014-0221 issue in openssl packages for Solaris and Microsoft Windows.
A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. (CVE-2014-0119)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.
All users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.
- Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
- Bugs fixed (https://bugzilla.redhat.com/):
1069911 - CVE-2013-4590 tomcat: information disclosure via XXE when running untrusted web applications 1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1120596 - CVE-2014-0231 httpd: mod_cgid denial of service 1120601 - CVE-2014-0118 httpd: mod_deflate denial of service 1120603 - CVE-2014-0226 httpd: mod_status heap-based buffer overflow
- References:
https://www.redhat.com/security/data/cve/CVE-2013-4590.html https://www.redhat.com/security/data/cve/CVE-2014-0118.html https://www.redhat.com/security/data/cve/CVE-2014-0119.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0226.html https://www.redhat.com/security/data/cve/CVE-2014-0231.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=2.1.0 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/2.1/html/2.1.0_Release_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFT9hecXlSAg2UNWIIRAh5tAKC8AVPwwVfAAgrVrjp0nP2oT9rwxACglHQF iUtOR3WMFQlRV6aH9V74wdg= =Q/ub -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Mitigation: Users of affected versions should apply one of the following mitigations - Upgrade to Apache Tomcat 8.0.8 or later (8.0.6 and 8.0.7 contain the fix but were not released) - Upgrade to Apache Tomcat 7.0.54 or later - Upgrade to Apache Tomcat 6.0.41 or later (6.0.40 contains the fix but was not released)
Credit: This issue was identified by the Tomcat security team. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56
Description
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
All Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
References
[ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-29.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.11"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.2"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.1"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2014.2"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2014.1"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "websphere application server community edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.4"
},
{
"_id": null,
"model": "websphere application server community edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.6"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.2"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"_id": null,
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.21-21"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.21-20"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.3"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.2"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2.1"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.1.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.3"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.2"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.5"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.4"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.52"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.14"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.11"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "rational test virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "rational test virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.4"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.3"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rational lifecycle adapter for hp alm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "rational lifecycle adapter for hp alm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.21"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.2"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.11"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.51"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.51"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.45"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.44"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.6"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "rational doors web access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.2"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "rational directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "qradar security information and event manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "qradar security information and event manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.9.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.8.0"
},
{
"_id": null,
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.3.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos metrics manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "cognos business viewpoint fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos business viewpoint fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos business viewpoint fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.11"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "cognos business intelligence server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"_id": null,
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "openvms csws java",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.29"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.1"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "conferencing standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.5"
},
{
"_id": null,
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1.0.9"
},
{
"_id": null,
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura messaging sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura application server sip core pb5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "aura application server sip core pb3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.1"
},
{
"_id": null,
"model": "aura application server sip core pb28",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core pb26",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core pb25",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core pb23",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core pb19",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core pb16",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "security threat response manager 2013.2r9",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "secure analytics 2014.3r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "secure analytics 2013.2r9",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.6"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.3.4"
},
{
"_id": null,
"model": "rational sap connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.5"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.41"
}
],
"sources": [
{
"db": "BID",
"id": "67669"
},
{
"db": "NVD",
"id": "CVE-2014-0119"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "127954"
},
{
"db": "PACKETSTORM",
"id": "131007"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127958"
}
],
"trust": 0.4
},
"cve": "CVE-2014-0119",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0119",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0119",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0119"
}
]
},
"description": {
"_id": null,
"data": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. Apache Tomcat is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. \nThe following versions are vulnerable:\nApache Tomcat 8.0.0-RC1 to 8.0.3\nApache Tomcat 7.0.0 to 7.0.53\nApache Tomcat 6.0.0 to 6.0.39. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Description:\n\nRed Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:053\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat6\n Date : March 3, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat6 packages fix security vulnerabilities:\n \n Integer overflow in the parseChunkHeader function in\n java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in\n Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote\n attackers to cause a denial of service (resource consumption) via a\n malformed chunk size in chunked transfer coding of a request during\n the streaming of data (CVE-2014-0075). \n \n Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in\n Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated\n behind a reverse proxy, allows remote attackers to conduct HTTP\n request smuggling attacks via a crafted Content-Length HTTP header\n (CVE-2014-0099). \n \n In Apache Tomcat 6.x before 6.0.55, it was possible to craft a\n malformed chunk as part of a chunked request that caused Tomcat to\n read part of the request body as a new request (CVE-2014-0227). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227\n http://advisories.mageia.org/MGASA-2014-0268.html\n http://advisories.mageia.org/MGASA-2015-0081.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 1e8a7ceba7befde2cc00e4692edbb2c4 mbs1/x86_64/tomcat6-6.0.43-1.mbs1.noarch.rpm\n 06f517754e9d043a05a465bfbc9511d9 mbs1/x86_64/tomcat6-admin-webapps-6.0.43-1.mbs1.noarch.rpm\n 12662943e4b7474eaeb884414c1542a3 mbs1/x86_64/tomcat6-docs-webapp-6.0.43-1.mbs1.noarch.rpm\n 0e93126df244648f82045ef4380d4680 mbs1/x86_64/tomcat6-el-2.1-api-6.0.43-1.mbs1.noarch.rpm\n f9856715fa849af74d5a4a6893111572 mbs1/x86_64/tomcat6-javadoc-6.0.43-1.mbs1.noarch.rpm\n df7e1851bec9805d843197db0f8fda41 mbs1/x86_64/tomcat6-jsp-2.1-api-6.0.43-1.mbs1.noarch.rpm\n ed5b6f2cd6884b92613997b6dfd77cb7 mbs1/x86_64/tomcat6-lib-6.0.43-1.mbs1.noarch.rpm\n a273b8f736fd13fb066a6d7052eea925 mbs1/x86_64/tomcat6-servlet-2.5-api-6.0.43-1.mbs1.noarch.rpm\n 127d1d1ecf7b6be75ac9f306f66f08fd mbs1/x86_64/tomcat6-systemv-6.0.43-1.mbs1.noarch.rpm\n 955d38f8c9dade3438dd254fe1778075 mbs1/x86_64/tomcat6-webapps-6.0.43-1.mbs1.noarch.rpm \n 816110f95d3ee2f6347c9c057695d6d0 mbs1/SRPMS/tomcat6-6.0.43-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFU9XyKmqjQ0CJFipgRAvukAKCI1DXuj5eJr1SVaNIoXhz9PUilpQCg0l4c\n77X/s+2Ee3FYUp9lZWBmLRg=\n=pm31\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04851013\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04851013\nVersion: 1\n\nHPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-10-15\nLast Updated: 2015-10-15\n\nPotential Security Impact: Remote multiple vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in HP OpenVMS\nCSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS) and other impacts. \n\nReferences:\n\nCVE-2013-4286\nCVE-2013-4322\nCVE-2013-4444\nCVE-2013-4590\nCVE-2014-0075\nCVE-2014-0096\nCVE-2014-0099\nCVE-2014-0119\nCVE-2014-0230\nCVE-2014-0277\nSSRT101975\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenVMS CSWS_JAVA v7.0.29 Tomcat\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2013-4322 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2013-4444 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2013-4590 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0096 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-0119 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0230 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2014-0277 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software update to resolve the vulnerabilities\nin HP OpenVMS CSWS_Java. \n\n \"Cumulative security patch for vulnerabilities addressed on CSWS_JAVA\nv7.0.29\"\n\n http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac\nhe/csws_java.html\n\nHISTORY\nVersion:1 (rev.1) - 15 October 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems\u2014such as multiple databases, XML\nfiles, and even Hadoop systems\u2014appear as a set of tables in a local\ndatabase. \n\nCVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,\n8017298)\n\nCVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature\nDoS Attack\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0059 JBossSX/PicketBox: World readable audit.log file\n\nCVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content\nlength header\n\nCVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal\nEntity (XXE)\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics\nenforcement of SAML SubjectConfirmation methods\n\nCVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider\n\nCVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread\nstate\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, Alexander Papadakis for reporting CVE-2014-3530, and Rune\nSteinseth of JProfessionals for reporting CVE-2014-8122. Bugs fixed (https://bugzilla.redhat.com/):\n\n1019176 - CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1063642 - CVE-2014-0059 JBossSX/PicketBox: World readable audit.log file\n1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1092783 - CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application\n1105242 - CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE)\n1107901 - CVE-2014-3490 RESTEasy: XXE via parameter entities\n1109196 - CVE-2014-0227 Tomcat/JBossWeb: request smuggling andl imited DoS in ChunkedInputFilter\n1112987 - CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n1129074 - CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix\n1129916 - CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix\n1157304 - CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods\n1165328 - CVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider\n1169237 - CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 2.1.0 update\nAdvisory ID: RHSA-2014:1086-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1086.html\nIssue date: 2014-08-21\nCVE Names: CVE-2013-4590 CVE-2014-0118 CVE-2014-0119 \n CVE-2014-0221 CVE-2014-0226 CVE-2014-0231 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Web Server 2.1.0, which fixes multiple security issues and\nseveral bugs, is now available from the Red Hat Customer Portal for Red Hat\nEnterprise Linux 5 and 6, Solaris, and Microsoft Windows. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nThe following security issues are also fixed with this release:\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd\u0027s mod_deflate module\nhandled request body decompression (configured via the \"DEFLATE\" input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nNote: This update provides a fix for the CVE-2014-0221 issue in openssl\npackages for Solaris and Microsoft Windows. \n\nA denial of service flaw was found in the way httpd\u0027s mod_cgid module\nexecuted CGI scripts that did not read data from the standard input. \nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. (CVE-2014-0119)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue. \n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Web Server 2.1.0. \nThe JBoss server process must be restarted for this update to take effect. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1069911 - CVE-2013-4590 tomcat: information disclosure via XXE when running untrusted web applications\n1102038 - CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1120596 - CVE-2014-0231 httpd: mod_cgid denial of service\n1120601 - CVE-2014-0118 httpd: mod_deflate denial of service\n1120603 - CVE-2014-0226 httpd: mod_status heap-based buffer overflow\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-4590.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0118.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0119.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0226.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0231.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=2.1.0\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/2.1/html/2.1.0_Release_Notes/index.html\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT9hecXlSAg2UNWIIRAh5tAKC8AVPwwVfAAgrVrjp0nP2oT9rwxACglHQF\niUtOR3WMFQlRV6aH9V74wdg=\n=Q/ub\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- Upgrade to Apache Tomcat 8.0.8 or later\n (8.0.6 and 8.0.7 contain the fix but were not released)\n- Upgrade to Apache Tomcat 7.0.54 or later\n- Upgrade to Apache Tomcat 6.0.41 or later\n (6.0.40 contains the fix but was not released)\n\nCredit:\nThis issue was identified by the Tomcat security team. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: December 15, 2014\n Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.56 *\u003e= 6.0.41\n \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[ 2 ] CVE-2012-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[ 3 ] CVE-2012-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[ 4 ] CVE-2012-4431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[ 5 ] CVE-2012-4534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[ 6 ] CVE-2012-5885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[ 7 ] CVE-2012-5886\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[ 8 ] CVE-2012-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[ 9 ] CVE-2013-2067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0119"
},
{
"db": "BID",
"id": "67669"
},
{
"db": "PACKETSTORM",
"id": "127954"
},
{
"db": "PACKETSTORM",
"id": "131007"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "133997"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127958"
},
{
"db": "PACKETSTORM",
"id": "126853"
},
{
"db": "PACKETSTORM",
"id": "129553"
}
],
"trust": 1.89
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0119",
"trust": 2.1
},
{
"db": "BID",
"id": "67669",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "60729",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "59732",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "59873",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1030298",
"trust": 1.0
},
{
"db": "JUNIPER",
"id": "JSA10657",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "127954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131007",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133997",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127958",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129553",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "67669"
},
{
"db": "PACKETSTORM",
"id": "127954"
},
{
"db": "PACKETSTORM",
"id": "131007"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "133997"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127958"
},
{
"db": "PACKETSTORM",
"id": "126853"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0119"
}
]
},
"id": "VAR-201405-0503",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.452724815
},
"last_update_date": "2026-03-05T21:29:36.801000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0119"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.4,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.4,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.4,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.3,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
},
{
"trust": 1.1,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1030298"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
},
{
"trust": 1.0,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/59732"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2654-1"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/67669"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2016/dsa-3552"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2014/may/141"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/60729"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/59873"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682740"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686477"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0843.html"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10657\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100182136"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04851013"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04223376"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684910"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677448"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0842.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683334"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004849"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682393"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683430"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683445"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677222"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684768"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679568"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020714"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688095"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676983"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15429.html?ref=rss"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678892"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100182576"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0231.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_web_server/2.1/html/2.1.0_release_notes/index.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0118.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0226.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4590.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2013-4002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3490"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2013-5855"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3481"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0227"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0075"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2012-6153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0119"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-1088.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse.serviceworks\u0026downloadtype=securitypatches\u0026version=6.0.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0005"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3472"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3578"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3578"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0081.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0277"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4444"
},
{
"trust": 0.1,
"url": "http://auth-h71000-pro-sitebuilder.houston.hp.com/openvms/products/ips/apac"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0059"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-7839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=2.1.0"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-1086.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
}
],
"sources": [
{
"db": "BID",
"id": "67669"
},
{
"db": "PACKETSTORM",
"id": "127954"
},
{
"db": "PACKETSTORM",
"id": "131007"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "133997"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127958"
},
{
"db": "PACKETSTORM",
"id": "126853"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0119"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "67669",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127954",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "131007",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130616",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "133997",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130781",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127958",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126853",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0119",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-05-27T00:00:00",
"db": "BID",
"id": "67669",
"ident": null
},
{
"date": "2014-08-21T19:34:29",
"db": "PACKETSTORM",
"id": "127954",
"ident": null
},
{
"date": "2015-03-25T00:39:51",
"db": "PACKETSTORM",
"id": "131007",
"ident": null
},
{
"date": "2015-03-03T16:53:57",
"db": "PACKETSTORM",
"id": "130616",
"ident": null
},
{
"date": "2015-10-16T23:23:00",
"db": "PACKETSTORM",
"id": "133997",
"ident": null
},
{
"date": "2015-03-12T00:59:47",
"db": "PACKETSTORM",
"id": "130781",
"ident": null
},
{
"date": "2014-08-21T19:34:55",
"db": "PACKETSTORM",
"id": "127958",
"ident": null
},
{
"date": "2014-05-30T02:36:01",
"db": "PACKETSTORM",
"id": "126853",
"ident": null
},
{
"date": "2014-12-15T20:00:49",
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"date": "2014-05-31T11:17:13.357000",
"db": "NVD",
"id": "CVE-2014-0119",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-05-23T16:27:00",
"db": "BID",
"id": "67669",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0119",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "67669"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "67669"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67669"
}
],
"trust": 0.3
}
}
VAR-201405-0543
Vulnerability from variot - Updated: 2026-03-05 21:07Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4 9yRzhuJFw0DWd+dOc4antEU= =SHMh -----END PGP SIGNATURE----- . (CVE-2014-0096)
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Description:
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update Advisory ID: RHSA-2014:0834-02 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0834.html Issue date: 2014-07-03 CVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 =====================================================================
- Summary:
Updated tomcat6 packages that fix three security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 2 for RHEL 5 Server - noarch Red Hat JBoss Web Server 2 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.
This update also fixes the following bug:
The tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a dependency of Red Hat JBoss Web Server 2.0.1, included a build of commons-dbcp.jar that used an incorrect java package name, causing applications using this dependency to not function properly. With this update, the java package name has been corrected. (BZ#1101287)
All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat6 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter 1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs 1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
- Package List:
Red Hat JBoss Web Server 2 for RHEL 5 Server:
Source: tomcat6-6.0.37-20_patch_04.ep6.el5.src.rpm
noarch: tomcat6-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-admin-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-docs-webapp-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-el-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-javadoc-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-lib-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-log4j-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm tomcat6-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm
Red Hat JBoss Web Server 2 for RHEL 6 Server:
Source: tomcat6-6.0.37-29_patch_05.ep6.el6.src.rpm
noarch: tomcat6-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-admin-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-docs-webapp-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-el-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-javadoc-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-lib-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-log4j-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm tomcat6-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0075.html https://www.redhat.com/security/data/cve/CVE-2014-0096.html https://www.redhat.com/security/data/cve/CVE-2014-0099.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTtaQUXlSAg2UNWIIRAnQNAJ9XOAJ7/QdoJa25ws3FiVfBOatOVwCgoOfn nr2IjzFsTM7cxwO3OBPd6HY= =oNNp -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04483248
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04483248 Version: 1
HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-10-20 Last Updated: 2014-10-20
Potential Security Impact: Remote Denial of Service (DoS), man-in-the-middle (MitM) attack, HTTP request smuggling, modification of data; local modification of data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.
References:
CVE-2013-4248 - PHP: man-in-the-middle (MitM) attack
CVE-2013-4286 - Tomcat: remote HTTP request smuggling
CVE-2013-6438 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0075 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0098 - Tomcat: remote Denial of Service (DoS)
CVE-2014-0099 - Tomcat: remote HTTP request smuggling
CVE-2014-3981 - PHP: local modification of data
SSRT101681
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier
HP-UX B.11.23 running Tomcat v5.5.36.01 or earlier
HP-UX B.11.23 running PHP v5.2.17.03 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-4248 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2013-6438 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0098 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3981 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities.
The updates are available for download from http://software.hp.com
NOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21, Tomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04
HP-UX 11i Release Apache Depot name
B.11.23 (11i v2 32-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot
B.11.23 (11i v2 64-bit) HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.30 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.15.21 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 20 October 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle enterprise data quality 9.0.11"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "rational lifecycle integration adapter",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for hp alm 1.0 to 1.1"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"_id": null,
"model": "communications policy management",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "12.1.1 and earlier"
},
{
"_id": null,
"model": "rational build forge",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "i"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "7.x"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "8.x"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.4"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "i advanced"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle enterprise data quality 8.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "6.0.39"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "NVD",
"id": "CVE-2014-0075"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:ibm_urbancode_release",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:rational_build_forge",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:rational_lifecycle_integration_adapter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_policy_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "130429"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0075",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0075",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0075",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0075",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-585",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "NVD",
"id": "CVE-2014-0075"
}
]
},
"description": {
"_id": null,
"data": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. \n \n java/org/apache/catalina/servlets/DefaultServlet.java in the default\n servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\n properly restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read arbitrary files\n via a crafted web application that provides an XML external entity\n declaration in conjunction with an entity reference, related to an\n XML External Entity (XXE) issue (CVE-2014-0096). The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4\n9yRzhuJFw0DWd+dOc4antEU=\n=SHMh\n-----END PGP SIGNATURE-----\n. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nRed Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems\u2014such as multiple databases, XML\nfiles, and even Hadoop systems\u2014appear as a set of tables in a local\ndatabase. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update\nAdvisory ID: RHSA-2014:0834-02\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0834.html\nIssue date: 2014-07-03\nCVE Names: CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat6 packages that fix three security issues and one bug are now\navailable for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5\nand 6. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server - noarch\nRed Hat JBoss Web Server 2 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly. \n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity. \n\nThis update also fixes the following bug:\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a\ndependency of Red Hat JBoss Web Server 2.0.1, included a build of\ncommons-dbcp.jar that used an incorrect java package name, causing\napplications using this dependency to not function properly. With this\nupdate, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat6 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1072776 - CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n1088342 - CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n1102030 - CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header\n\n6. Package List:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server:\n\nSource:\ntomcat6-6.0.37-20_patch_04.ep6.el5.src.rpm\n\nnoarch:\ntomcat6-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-el-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-javadoc-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-lib-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-log4j-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.37-20_patch_04.ep6.el5.noarch.rpm\ntomcat6-webapps-6.0.37-20_patch_04.ep6.el5.noarch.rpm\n\nRed Hat JBoss Web Server 2 for RHEL 6 Server:\n\nSource:\ntomcat6-6.0.37-29_patch_05.ep6.el6.src.rpm\n\nnoarch:\ntomcat6-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-el-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-javadoc-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-lib-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-log4j-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.37-29_patch_05.ep6.el6.noarch.rpm\ntomcat6-webapps-6.0.37-29_patch_05.ep6.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0075.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0096.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0099.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTtaQUXlSAg2UNWIIRAnQNAJ9XOAJ7/QdoJa25ws3FiVfBOatOVwCgoOfn\nnr2IjzFsTM7cxwO3OBPd6HY=\n=oNNp\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04483248\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04483248\nVersion: 1\n\nHPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache\nTomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-10-20\nLast Updated: 2014-10-20\n\nPotential Security Impact: Remote Denial of Service (DoS), man-in-the-middle\n(MitM) attack, HTTP request smuggling, modification of data; local\nmodification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. \n\nReferences:\n\nCVE-2013-4248 - PHP: man-in-the-middle (MitM) attack\n\nCVE-2013-4286 - Tomcat: remote HTTP request smuggling\n\nCVE-2013-6438 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0075 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0098 - Tomcat: remote Denial of Service (DoS)\n\nCVE-2014-0099 - Tomcat: remote HTTP request smuggling\n\nCVE-2014-3981 - PHP: local modification of data\n\nSSRT101681\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.23 running HP-UX Apache Web Server Suite v3.29 or earlier\n\nHP-UX B.11.23 running Tomcat v5.5.36.01 or earlier\n\nHP-UX B.11.23 running PHP v5.2.17.03 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-4248 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2013-4286 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2013-6438 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0075 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0098 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0099 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3981 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v3.30 HPUXWSATW330 contains Apache v2.2.15.21,\nTomcat Servlet Engine 5.5.36.02, and PHP 5.2.17.04\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.23 (11i v2 32-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-32.depot\n\nB.11.23 (11i v2 64-bit)\n HP_UX_11.23_HPUXWS22ATW-B330-11-23-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.30 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.2.2.15.21 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 20 October 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Description:\n\nRed Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes. \n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM\nSuite 6.0.3, and includes bug fixes and enhancements",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0075"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "128783"
},
{
"db": "PACKETSTORM",
"id": "130429"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0075",
"trust": 3.2
},
{
"db": "SECUNIA",
"id": "59678",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60793",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59616",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59835",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59849",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59121",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59732",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59873",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60729",
"trust": 1.6
},
{
"db": "BID",
"id": "67671",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201405-585",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "131089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127335",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128783",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130429",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "128783"
},
{
"db": "PACKETSTORM",
"id": "130429"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "NVD",
"id": "CVE-2014-0075"
}
]
},
"id": "VAR-201405-0543",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2026-03-05T21:07:08.271000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apache Tomcat 6.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Apache Tomcat 7.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"title": "Apache Tomcat 8.x vulnerabilities",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"title": "Revision 1578341",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
},
{
"title": "Revision 1578337",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
},
{
"title": "Revision 1579262",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
},
{
"title": "HS15-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html"
},
{
"title": "HPSBUX03150 SSRT101681",
"trust": 0.8,
"url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04483248\u0026lang=en\u0026cc=us"
},
{
"title": "1680603",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"title": "1681528",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"title": "1678231",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"title": "7010166",
"trust": 0.8,
"url": "http://www.novell.com/support/kb/doc.php?id=7010166 "
},
{
"title": "ELSA-2014-0865",
"trust": 0.8,
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "RHSA-2015:0765",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"title": "RHSA-2015:0234",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0234.html"
},
{
"title": "RHSA-2015:0235",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2015-0235.html"
},
{
"title": "RHSA-2015:0675",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"title": "RHSA-2015:0720",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat ",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "VMSA-2014-0012",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"title": "HS15-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html"
},
{
"title": "apache-tomcat-7.0.53",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50506"
},
{
"title": "apache-tomcat-8.0.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50510"
},
{
"title": "apache-tomcat-6.0.41",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50505"
},
{
"title": "apache-tomcat-8.0.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50509"
},
{
"title": "apache-tomcat-6.0.41",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50504"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "NVD",
"id": "CVE-2014-0075"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0675.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/67671"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150282.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60729"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59121"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59732"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59678"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59835"
},
{
"trust": 1.6,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04851013"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:052"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59616"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:053"
},
{
"trust": 1.6,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.6,
"url": "http://linux.oracle.com/errata/elsa-2014-0865.html"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59873"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
},
{
"trust": 1.6,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0720.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59849"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60793"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0765.html"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0075"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2013-4002"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-3490"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3530"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2013-5855"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0099"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5855"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0096"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0193"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3490"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4002"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0193"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0227"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0075"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2012-6153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-0119"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-3530"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8115"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-0005"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3472"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3625"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3472"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3578"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3578"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3682"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8115"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0096.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0075.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0099.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0149.html"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0110.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0081.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0235.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=distributions\u0026version=6.0.3"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0842.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.2.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.services.platform\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0059"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-8122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-7839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-7839"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0834.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-0234.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=distributions\u0026version=6.0.3"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "130430"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "130781"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "PACKETSTORM",
"id": "128783"
},
{
"db": "PACKETSTORM",
"id": "130429"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
},
{
"db": "NVD",
"id": "CVE-2014-0075"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130616",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130430",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127366",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130781",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127335",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128783",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130429",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201405-585",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002698",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0075",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-03-30T21:20:12",
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"date": "2015-03-03T16:53:57",
"db": "PACKETSTORM",
"id": "130616",
"ident": null
},
{
"date": "2015-02-17T22:24:00",
"db": "PACKETSTORM",
"id": "130430",
"ident": null
},
{
"date": "2014-07-07T20:28:32",
"db": "PACKETSTORM",
"id": "127366",
"ident": null
},
{
"date": "2015-03-12T00:59:47",
"db": "PACKETSTORM",
"id": "130781",
"ident": null
},
{
"date": "2014-07-03T23:00:31",
"db": "PACKETSTORM",
"id": "127335",
"ident": null
},
{
"date": "2014-10-21T20:30:24",
"db": "PACKETSTORM",
"id": "128783",
"ident": null
},
{
"date": "2015-02-17T22:23:00",
"db": "PACKETSTORM",
"id": "130429",
"ident": null
},
{
"date": "2014-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-585",
"ident": null
},
{
"date": "2014-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002698",
"ident": null
},
{
"date": "2014-05-31T11:17:13.093000",
"db": "NVD",
"id": "CVE-2014-0075",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-585",
"ident": null
},
{
"date": "2016-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002698",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0075",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130616"
},
{
"db": "PACKETSTORM",
"id": "127366"
},
{
"db": "PACKETSTORM",
"id": "127335"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Apache Tomcat of java/org/apache/coyote/http11/filters/ChunkedInputFilter.java Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002698"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-585"
}
],
"trust": 0.6
}
}
VAR-201703-0328
Vulnerability from variot - Updated: 2026-03-05 19:47The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update Advisory ID: RHSA-2017:0455-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:0455 Issue date: 2015-11-12 Updated on: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- Package List:
Red Hat JBoss Web Server 3.1 for RHEL 6:
Source: hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm tomcat7-7.0.70-16.ep7.el6.src.rpm tomcat8-8.0.36-17.ep7.el6.src.rpm
i386: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm
noarch: hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat7-7.0.70-16.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat8-8.0.36-17.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm
ppc64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw /PBR7pUGLbNA0xtWDwAi0Xk= =Y+gP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2016-6816)
-
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)
-
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.
For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u6.
For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 7.0.72-3.
We recommend that you upgrade your tomcat7 packages. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. (CVE-2016-8745)
- Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03302206 Version: 1
MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-12-12 Last Updated: 2018-12-12
Potential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information
References:
- PSRT110650
- CVE-2016-6816
- CVE-2017-5664
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1, 10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10 Patch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1, 10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
Micro Focus has made the following software updates and mitigation information to resolve the vulnerability in Micro Focus Network Node Manager i: Customers using v9.X must upgrade to v10.x and then install the patch below. Patches are available to address the vulnerabilities: For v10.0x: Network Node Manager i 10.00 Patch 8 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139745 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139763 For v10.1x: Network Node Manager i 10.10 Patch 7 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139729 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139781 For v10.2x: Network Node Manager i 10.20 Patch 6 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139701 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139715 For v10.3x: Network Node Manager i 10.30 Patch 2 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139685 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139693
HISTORY Version:1 (rev.1) - 12 December 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://softwaresupport.softwaregrp.com/psrt Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright Micro Focus
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. =========================================================================== Ubuntu Security Notice USN-3177-2 February 02, 2017
tomcat6, tomcat7 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3177-1 introduced a regression in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.
We apologize for the inconvenience. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.9 tomcat7 7.0.52-1ubuntu0.9
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.10 tomcat6 6.0.35-1ubuntu3.10
In general, a standard system update will make all the necessary changes.
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.72"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.65"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.70"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.69"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.51"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.66"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.60"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.58"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.57"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.17"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.55"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.68"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.67"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.44"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.37"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.45"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.54"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.71"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.53"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.59"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"_id": null,
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"_id": null,
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"_id": null,
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"_id": null,
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"_id": null,
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"_id": null,
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "140915"
}
],
"trust": 0.5
},
"cve": "CVE-2016-6816",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6816",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-6816",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6816",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6816",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"description": {
"_id": null,
"data": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update\nAdvisory ID: RHSA-2017:0455-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0455\nIssue date: 2015-11-12\nUpdated on: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 3 for RHEL 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to\nRed Hat Enterprise Linux 6. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. Package List:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6:\n\nSource:\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat7-7.0.70-16.ep7.el6.src.rpm\ntomcat8-8.0.36-17.ep7.el6.src.rpm\n\ni386:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm\n\nnoarch:\nhibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat7-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat8-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm\n\nppc64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw\n/PBR7pUGLbNA0xtWDwAi0Xk=\n=Y+gP\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n(CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available\nvia GET requests making them vulnerable to cross-origin attacks. An\nattacker could trigger the user\u0027s browser to request the log files\nconsuming enough resources that normal server functioning could be\nimpaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as\nsensitive, users with a Monitor role are able to view the sensitive\ninformation. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6. \n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3. \n\nWe recommend that you upgrade your tomcat7 packages. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol (|)\nin not encoded form, as these are often used in URLs without being properly\nencoded. \n(CVE-2016-8745)\n\n4. Note: the current version of the following document is available here:\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03302206\nVersion: 1\n\nMFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-12-12\nLast Updated: 2018-12-12\n\nPotential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of\nInformation\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node\nManager i. The vulnerability could be exploited Remote Cross-Site Scripting\n(XSS) and Remote Disclosure of Information\n\nReferences:\n\n - PSRT110650\n - CVE-2016-6816\n - CVE-2017-5664\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1,\n10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10\nPatch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1,\n10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicro Focus has made the following software updates and mitigation\ninformation to resolve the vulnerability in Micro Focus Network Node Manager\ni:\nCustomers using v9.X must upgrade to v10.x and then install the patch below. \nPatches are available to address the vulnerabilities:\nFor v10.0x: Network Node Manager i 10.00 Patch 8 \n\tLinux \n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139745](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139745)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139763](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139763)\nFor v10.1x: Network Node Manager i 10.10 Patch 7\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139729](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139729)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139781](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139781)\nFor v10.2x: Network Node Manager i 10.20 Patch 6\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139701](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139701)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139715](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139715)\nFor v10.3x: Network Node Manager i 10.30 Patch 2\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139685](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139685)\n\t Windows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139693](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139693) \n\n\nHISTORY\nVersion:1 (rev.1) - 12 December 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://softwaresupport.softwaregrp.com/psrt\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright Micro Focus\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. \n===========================================================================\nUbuntu Security Notice USN-3177-2\nFebruary 02, 2017\n\ntomcat6, tomcat7 regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3177-1 introduced a regression in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security manager. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. A remote attacker could possibly\n use this issue to enumerate usernames. This issue only applied to Ubuntu\n 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could\n possibly use this to bypass Security Manager restrictions. This issue only\n applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-5018)\n It was discovered that Tomcat did not protect applications from untrusted\n data in the HTTP_PROXY environment variable. A remote attacker could\n possibly use this issue to redirect outbound traffic to an arbitrary proxy\n server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\n Ubuntu 16.04 LTS. (CVE-2016-5388)\n It was discovered that Tomcat incorrectly controlled reading system\n properties. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to\n Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816)\n Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\n implement a recommended fix. A remote attacker could possibly use this\n issue to execute arbitrary code. (CVE-2016-8745)\n Paul Szabo discovered that the Tomcat package incorrectly handled upgrades\n and removals. A local attacker could possibly use this issue to obtain\n root privileges. (CVE-2016-9774, CVE-2016-9775)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.9\n tomcat7 7.0.52-1ubuntu0.9\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.10\n tomcat6 6.0.35-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "140915"
}
],
"trust": 2.43
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41783",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-6816",
"trust": 2.7
},
{
"db": "BID",
"id": "94461",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1037332",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "41783",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2016-6816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140199",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150775",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140905",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140915",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "140915"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"id": "VAR-201703-0328",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2026-03-05T19:47:49.200000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Red Hat: Moderate: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170527 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170935 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170247 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170245 - Security Advisory"
},
{
"title": "Red Hat: Important: jboss-ec2-eap security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170250 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170244 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170246 - Security Advisory"
},
{
"title": "Red Hat: CVE-2016-6816",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-6816"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2017-810",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-810"
},
{
"title": "Amazon Linux AMI: ALAS-2016-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-777"
},
{
"title": "Amazon Linux AMI: ALAS-2016-778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-778"
},
{
"title": "Amazon Linux AMI: ALAS-2016-776",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-776"
},
{
"title": "Debian Security Advisories: DSA-3738-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8828b9876ebd1ef3e89b0ed4e9499abe"
},
{
"title": "Debian Security Advisories: DSA-3739-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=98ef9e44fdad2be0b98f03550515e81a"
},
{
"title": "Arch Linux Advisories: [ASA-201611-22] tomcat6: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201611-22"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-107"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-2"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9774: privilege escalation via upgrade",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8cd48a33e8df530a4a18a79eb337a877"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9775: privilege escalation via removal",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e3359df45e6e8201a268a6c465717fa5"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "penetration tools\nDonation\nThanks to",
"trust": 0.1,
"url": "https://github.com/touchmycrazyredhat/myhktools "
},
{
"title": "penetration tools\nDonation\nDonation\nThanks to\n\u5148\u77e5\u8bba\u575b\u63a8\u8350\u8fc7\u672c\u9879\u76ee\u201c2.1.3 Web \u6846\u67b6\u201d\nmyhktools",
"trust": 0.1,
"url": "https://github.com/hktalent/myhktools "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/94461"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/41783/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:0935"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0527.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0247.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0245.html"
},
{
"trust": 1.1,
"url": "https://tomcat.apache.org/security-9.html#fixed_in_apache_tomcat_9.0.0.m13"
},
{
"trust": 1.1,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.8"
},
{
"trust": 1.1,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.0.39"
},
{
"trust": 1.1,
"url": "https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.73"
},
{
"trust": 1.1,
"url": "https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.48"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037332"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0250.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0246.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0244.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-7061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3177-2/"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9775"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9774"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/psrt"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/gro"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03302206"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.9"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1659589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "140915"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2016-6816",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141509",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140916",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140199",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142108",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141637",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150775",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140905",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140915",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-6816",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6816",
"ident": null
},
{
"date": "2017-03-08T00:54:47",
"db": "PACKETSTORM",
"id": "141509",
"ident": null
},
{
"date": "2017-02-03T15:54:10",
"db": "PACKETSTORM",
"id": "140916",
"ident": null
},
{
"date": "2016-12-18T13:55:00",
"db": "PACKETSTORM",
"id": "140199",
"ident": null
},
{
"date": "2017-04-12T23:47:55",
"db": "PACKETSTORM",
"id": "142108",
"ident": null
},
{
"date": "2017-03-15T15:22:10",
"db": "PACKETSTORM",
"id": "141637",
"ident": null
},
{
"date": "2018-12-13T18:21:43",
"db": "PACKETSTORM",
"id": "150775",
"ident": null
},
{
"date": "2017-02-03T15:51:19",
"db": "PACKETSTORM",
"id": "140905",
"ident": null
},
{
"date": "2017-02-03T15:54:03",
"db": "PACKETSTORM",
"id": "140915",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"ident": null
},
{
"date": "2017-03-20T18:59:00.173000",
"db": "NVD",
"id": "CVE-2016-6816",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6816",
"ident": null
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-6816",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140905"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution, info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "140199"
}
],
"trust": 0.1
}
}
VAR-201102-0280
Vulnerability from variot - Updated: 2026-03-04 22:09The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM Lotus product line contains a denial-of-service (DoS) vulnerability. IBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).A remote attacker may cause a denial-of-service (DoS). Oracle Java is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition. This issue affects both the Java compiler and Runtime Environment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03716627
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03716627 Version: 1
HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-03-28 Last Updated: 2013-03-28
Potential Security Impact: Remote Denial of Service (DoS), access restriction bypass, unauthorized modification and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine 5.5.35.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2009-2693 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2009-2902 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-3548 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-1157 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-3718 (AV:L/AC:H/Au:N/C:N/I:P/A:N) 1.2 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0013 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-1184 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-2204 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9 CVE-2011-2526 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-2729 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3190 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0022 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. The updates are available for download from https://h20392.www2.hp.com/portal /swdepot/displayProductInfo.do?productNumber=HPUXWST553601
Servlet Version Depot Name
HP-UX Apache Tomcat Servlet Engine v5.5.36.01 HP-UX_11.23_HPUXWS22T-B5536-1123.depot
HP-UX_11.31_HPUXWS22T-B5536-1131.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.36.01 or subsequent
END AFFECTED VERSION
HISTORY Version:1 (rev.1) - 28 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-1079-3 March 17, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 10.10: icedtea6-plugin 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1
After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes.
Details follow:
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS.
Original advisory details:
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)
It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)
Konstantin Prei\xdfer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2010-4476)
It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. (CVE-2011-0706)
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz
Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc
Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz
Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4
http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update Advisory ID: RHSA-2011:0880-01 Product: Red Hat Network Satellite Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0880.html Issue date: 2011-06-16 CVE Names: CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3553 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3560 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4471 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 =====================================================================
- Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64
- Description:
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite 5.4.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
Run the following command to restart the Red Hat Network Satellite server:
rhn-satellite restart
- Bugs fixed (http://bugzilla.redhat.com/):
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation 582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005) 639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) 639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) 639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) 639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) 639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) 639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489) 639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) 642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) 642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) 642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) 642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) 642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) 642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component 642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component 642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component 642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component 642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component 642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component 642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component 642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662) 676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453) 676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922) 677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component 677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component 677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component 677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component 677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component 677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component 677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component 677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component 677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component 677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component 677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component
- Package List:
Red Hat Network Satellite Server 5.4 (RHEL v.5):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm
i386: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
s390x: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2009-3555.html https://www.redhat.com/security/data/cve/CVE-2010-1321.html https://www.redhat.com/security/data/cve/CVE-2010-3541.html https://www.redhat.com/security/data/cve/CVE-2010-3548.html https://www.redhat.com/security/data/cve/CVE-2010-3549.html https://www.redhat.com/security/data/cve/CVE-2010-3550.html https://www.redhat.com/security/data/cve/CVE-2010-3551.html https://www.redhat.com/security/data/cve/CVE-2010-3553.html https://www.redhat.com/security/data/cve/CVE-2010-3555.html https://www.redhat.com/security/data/cve/CVE-2010-3556.html https://www.redhat.com/security/data/cve/CVE-2010-3557.html https://www.redhat.com/security/data/cve/CVE-2010-3558.html https://www.redhat.com/security/data/cve/CVE-2010-3560.html https://www.redhat.com/security/data/cve/CVE-2010-3562.html https://www.redhat.com/security/data/cve/CVE-2010-3563.html https://www.redhat.com/security/data/cve/CVE-2010-3565.html https://www.redhat.com/security/data/cve/CVE-2010-3566.html https://www.redhat.com/security/data/cve/CVE-2010-3568.html https://www.redhat.com/security/data/cve/CVE-2010-3569.html https://www.redhat.com/security/data/cve/CVE-2010-3571.html https://www.redhat.com/security/data/cve/CVE-2010-3572.html https://www.redhat.com/security/data/cve/CVE-2010-3573.html https://www.redhat.com/security/data/cve/CVE-2010-3574.html https://www.redhat.com/security/data/cve/CVE-2010-4422.html https://www.redhat.com/security/data/cve/CVE-2010-4447.html https://www.redhat.com/security/data/cve/CVE-2010-4448.html https://www.redhat.com/security/data/cve/CVE-2010-4452.html https://www.redhat.com/security/data/cve/CVE-2010-4454.html https://www.redhat.com/security/data/cve/CVE-2010-4462.html https://www.redhat.com/security/data/cve/CVE-2010-4463.html https://www.redhat.com/security/data/cve/CVE-2010-4465.html https://www.redhat.com/security/data/cve/CVE-2010-4466.html https://www.redhat.com/security/data/cve/CVE-2010-4467.html https://www.redhat.com/security/data/cve/CVE-2010-4468.html https://www.redhat.com/security/data/cve/CVE-2010-4471.html https://www.redhat.com/security/data/cve/CVE-2010-4473.html https://www.redhat.com/security/data/cve/CVE-2010-4475.html https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://access.redhat.com/security/updates/classification/#low http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN+lm6XlSAg2UNWIIRAvBeAJ0Wz/dmuJW0q8QTp1Bq5NhaLmExvQCeM5c+ RNFKowPY3HYpgAdrm0ORV8c= =W7VB -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
http://twitter.com/secunia
http://www.facebook.com/Secunia
TITLE: Hitachi JP1 Products Java Double Literal Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA44576
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44576/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44576
RELEASE DATE: 2011-05-17
DISCUSS ADVISORY: http://secunia.com/advisories/44576/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44576/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44576
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged a vulnerability in JP1 products, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information see vulnerability #1 in: SA43262
Please see the vendor's advisory for the list of affected products. Please see the vendor's advisory for more details.
ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.
Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.
This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command.
We recommend that you upgrade your openjdk-6 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/a",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/b",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/b",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/c",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/g",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/c",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 011",
"scope": "eq",
"trust": 1.5,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/c",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 010",
"scope": "eq",
"trust": 1.5,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/i",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 013",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/h",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "25008-10-01"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/f",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/a",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/e",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "jre 014",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/b",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/c",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_25"
},
{
"_id": null,
"model": "sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_29"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_3"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_22"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_23"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_5"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_24"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_13"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_15"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_18"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_10"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_1"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_8"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_19"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_16"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_4"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_26"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_21"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_7"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_17"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_25"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_3"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_11"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_12"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_22"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_9"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_27"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_28"
},
{
"_id": null,
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_23"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_29"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_14"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_13"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_10"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_15"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_8"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_20"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_6"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_26"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_19"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_21"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_24"
},
{
"_id": null,
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_9"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_02"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_27"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_1"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_16"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_4"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_18"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_28"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_14"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_7"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_12"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_11"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_20"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.4.2_17"
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.3.1 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 015",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 27",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/d",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 007",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "jre 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2"
},
{
"_id": null,
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 01a",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "jre .0 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "01-05"
},
{
"_id": null,
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.3.1 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk b 005",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "processing kit for xml 02-05-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/f",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jre 1.3.1 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-10-01"
},
{
"_id": null,
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "processing kit for xml 02-05-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.3.1 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre .0 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk .0 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/d",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "jre 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "25008-00-02"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "sdk .0 4",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 1.4.2 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "02-00"
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/f",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.4.2 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 1.4.2 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "jre 1.4.2 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jre .0 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/m",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-04-01"
},
{
"_id": null,
"model": "jdk 008",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.3.1 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "jre 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2"
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.3.1 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 007",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 009",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "hp systems insight manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard l p",
"version": "prior to v7.0"
},
{
"_id": null,
"model": "forms",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "4.0, 3.5"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "lotus quickr",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for websphere portal 8.5, 8.1, 8.0"
},
{
"_id": null,
"model": "mashup center",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0, 2.0, 1.1, 1.0"
},
{
"_id": null,
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1, 6.0"
},
{
"_id": null,
"model": "lotus activeinsight",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1, 6.0"
},
{
"_id": null,
"model": "lotus connections",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0, 2.5, 2.0, 1.0"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0, 2.0, 1.1, 1.0"
},
{
"_id": null,
"model": "lotus sametime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "lotus sametime standard",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "lotus sametime unified telephony",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.5.1, 8.0"
},
{
"_id": null,
"model": "lotus web content management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0, 6.1"
},
{
"_id": null,
"model": "lotus workforce management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere portlet factory",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0, 6.1"
},
{
"_id": null,
"model": "workplace web content management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "jre 005",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "jre .0 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-50-04"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11"
},
{
"_id": null,
"model": "jdk 003",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-05"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-10"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11-03"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "25008-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-50-03"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/l",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "jre 1.4.2 28",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "processing kit for xml 01-05-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 007",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jre 1.3.1 16",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "jre 1.3.1 28",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/j",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 005",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "replication manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "jre 1.3.1 15",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "replication manager software )",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "jdk 006",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "processing kit for xml 02-00-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-51"
},
{
"_id": null,
"model": "processing kit for xml )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-05"
},
{
"_id": null,
"model": "jp1/cm2/snmp system observer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 007",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "jre b 07",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "replication manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "replication manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.3.1 17",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.4.2 27",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "jre b 007",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/o",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "25008-10"
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 002",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jre 1.3.1 19",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 008",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-05"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "jre 1.3.1 18",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 004",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "jdk 009",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b )",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 004",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk b 007",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-00-/f",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-50"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-06"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11-04"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "jre 012",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "jre 005",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/k",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/e",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 009",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tivoli dynamic workload broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "virtual i/o server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "processing kit for xml 01-07-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "cognos business intelligence fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "88.4.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "processing kit for xml 01-07-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "replication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-01"
},
{
"_id": null,
"model": "cognos workforce performance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.55"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos customer performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50-01"
},
{
"_id": null,
"model": "cosminexus server web edition 04-00-/a",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c (solari",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "provisioning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "systemwalker availability view enterprise edition 13.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.107"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/r",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "tivoli netcool performance manager for wireless",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50-01"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "cognos mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.14"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise soa platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0.2"
},
{
"_id": null,
"model": "jboss enterprise portal platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.1.0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"_id": null,
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "jre b",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-30"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "websphere application server community edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.4"
},
{
"_id": null,
"model": "jre .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-30"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.22"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli enterprise console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.128"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "jdk 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-06"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-c (solaris",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "jrockit r28.0.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "ucosminexus client 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"_id": null,
"model": "cognos impromptu web reports",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition enterprise hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10-02"
},
{
"_id": null,
"model": "reflection for secure it unix server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00(x64))"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "tru64 unix 5.1b-4",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "vcenter update manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.11"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.5"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "vcenter update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cognos express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "jrockit r28.1.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "identity manager remote loader",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-30"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "processing kit for xml )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-02"
},
{
"_id": null,
"model": "tivoli workload scehdule z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "cosminexus studio web edition 04-01-/a",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.126"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus client 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "identity manager roles based provisioning module",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.6.1"
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "tivoli network manager ip edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "nonstop server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6"
},
{
"_id": null,
"model": "provisioning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "reflection for secure it windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "jre 007",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "replication manager software -00 )",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus client 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-1"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jboss enterprise web platform for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "55"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-40"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web platform for rhel 4as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-10"
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00(x64))"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "ewas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.138"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.18"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "2.33"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00-03"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.14"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.30"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"_id": null,
"model": "reflection for secure it unix client",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-10"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jre 009",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-03"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.13"
},
{
"_id": null,
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "jre b 005",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel 4as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "websphere application server community edition",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.5"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tivoli configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.3"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "jdk update21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "jre 11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "replication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"_id": null,
"model": "esx patch esx400-201",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2.0-00"
},
{
"_id": null,
"model": "netcool/omnibus fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.020"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "identity manager designer",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "4.0"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "tivoli directory server 6.1.0.5-tiv-itds-if0",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.56"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.115"
},
{
"_id": null,
"model": "ewas",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.139"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.102"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "systemwalker availability view enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "13.3"
},
{
"_id": null,
"model": "websphere mq file transfer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "cosminexus studio 05-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "systemwalker it process master standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "13.3.1"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.103"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.56"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "jrockit r27.6.0-50",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.015"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.55"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "reflection suite for",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus studio 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.32"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a linux )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jrockit r27.6.5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.222"
},
{
"_id": null,
"model": "jdk 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "processing kit for xml 02-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.4"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "vcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.03"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.5-00"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/c (hp-ux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos supply chain performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.105"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5)5.4"
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3"
},
{
"_id": null,
"model": "jdk update24",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "tru64 unix pk6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1.0"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.9"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-10"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition enterprise hp-ux pa-ri",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10-02"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50-02"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "jre 21",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.19"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "interstage business application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "db2 fix pack 3a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.110"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.6"
},
{
"_id": null,
"model": "cognos business viewpoint",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "55"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.9"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "88.4.1"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.13"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-07"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "ucosminexus client 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50-02"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-30"
},
{
"_id": null,
"model": "tru64 unix b-3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1.0"
},
{
"_id": null,
"model": "processing kit for xml 02-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "runtimes for java technology",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.5"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"_id": null,
"model": "jdk 1.3.1 20",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "vcenter update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "cosminexus studio 05-05-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-04"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-01"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.52"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00-03"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-20"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "provisioning manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "jdk update13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "tivoli netcool portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "cognos metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jrockit r28.0.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "tivoli netview for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0"
},
{
"_id": null,
"model": "jdk update19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "processing kit for xml 01-05-/b (windows(en",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli federated identity manager business gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-40"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-10"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-60-01"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"_id": null,
"model": "reflection",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"_id": null,
"model": "totalstorage ds8300",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.31"
},
{
"_id": null,
"model": "virtualcenter 2.5.update build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "31"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.30"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.14"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.117"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "jrockit r27.6.7",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "jdk b",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.7"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 10-b03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-02"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tru64 unix b-4",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1.0"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-40"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-10"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.4"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.10"
},
{
"_id": null,
"model": "replication manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3.0-00"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-03"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "cognos planning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00"
},
{
"_id": null,
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "provisioning manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition hp-ux(pa-ri",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-10-12"
},
{
"_id": null,
"model": "ucosminexus client 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "tivoli netcool reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.2"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-00"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus client 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "provisioning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "reflection for secure it unix client",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"_id": null,
"model": "provisioning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "jdk update17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "runtimes for java technology sr12 fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.04"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.119"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.221"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.1"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.12"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "cognos query",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "jdk update20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jp1/cm2/snmp system observer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jp1/serverconductor/control manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "cognos finance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00-03"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/s",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux enterprise for sap applications sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "replication manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.4"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jdk 20",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50-03"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.12"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise soa platform cp04",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"_id": null,
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos powerplay",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "processing kit for xml (windows(engli",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "01-05"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tivoli netcool performance manager technology pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "jre 1.5.0 09-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "job management partner 1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "tivoli federated identity manager business gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-04(x64))"
},
{
"_id": null,
"model": "linux enterprise sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "provisioning manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "jdk 08",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "identity manager analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "1.2"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"_id": null,
"model": "reflection for secure it unix server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.54"
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "tivoli federated identity manager business gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.0.9"
},
{
"_id": null,
"model": "identity manager designer",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.5.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "application manager for smart business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.18"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.3"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.127"
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.111"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.118"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus studio 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "provisioning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.124"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "interstage software quality analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "jrockit r27.6.6",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-20"
},
{
"_id": null,
"model": "jre 05a",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "jrockit r27.6.8",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "netcool/omnibus fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.120"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.19"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"_id": null,
"model": "jre 003",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform for rhel 4es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "reflection for secure it windows server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "jre 099",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.12"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10-02"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-51-01"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-70"
},
{
"_id": null,
"model": "cognos visualizer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-01"
},
{
"_id": null,
"model": "jrockit r27.6.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "cognos financial performance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli storage productivity center fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.14"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-20"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.106"
},
{
"_id": null,
"model": "cosminexus studio web edition 04-00-/a",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos powerplay",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-10"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.219"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos noticecast",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.125"
},
{
"_id": null,
"model": "sentinel support pack",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.12"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/c (hp-ux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "jdk 1.4.2 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-30"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-60-01"
},
{
"_id": null,
"model": "jre 14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00-03"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/automatic job management system web operation assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "3-0"
},
{
"_id": null,
"model": "jdk 12",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cognos metrics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "jp1/it resource management-manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "reflection for secure it windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition (hp-ux(pa-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00-02"
},
{
"_id": null,
"model": "provisioning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "jdk update23",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.12"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"_id": null,
"model": "cognos web services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.16"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "jre 28",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "db2 fixpak",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.55"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "db2 fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.51"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-10-01"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "reflection for secure it unix server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "sentinel support pack h",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "6.12"
},
{
"_id": null,
"model": "replication manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"_id": null,
"model": "cosminexus client 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer light 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-02(x64))"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "jdk 01a",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux enterprise teradata sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-40"
},
{
"_id": null,
"model": "jndi",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00-03"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-10"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "provisioning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "cognos business intelligence fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "88.4.1"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.1"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk 099",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"_id": null,
"model": "jre 006",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-60"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "tivoli enterprise console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9"
},
{
"_id": null,
"model": "linux enterprise java sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "cognos now!",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "processing kit for xml 01-05-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.73"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netview for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.6"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "db2 fixpak",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.52"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.31"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1.185"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"_id": null,
"model": "reflection for secure it unix server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "jdk update25",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.51"
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "replication manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-01"
},
{
"_id": null,
"model": "job management partner 1/automatic job management system web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2-0"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "rational clearquest",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-01"
},
{
"_id": null,
"model": "ucosminexus client 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.32"
},
{
"_id": null,
"model": "provisioning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "cosminexus developer standard 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.227"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/g (aix",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "vcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.11"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.224"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.115"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.8"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-04-01"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk update18",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-00(x64))"
},
{
"_id": null,
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.28"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.20"
},
{
"_id": null,
"model": "identity manager roles based provisioning module",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.7"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "cognos controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "job management partner 1/automatic job management system web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "3-0"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-70-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.6.1"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50-01"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "it operations director",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-07"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.112"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "vcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.01"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "ucosminexus developer professional 06-70-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netview for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.122"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06(x64))"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.32"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "jndi/ldap",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "db2 fix pack 6a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "tru64 unix 5.1b-5",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.7"
},
{
"_id": null,
"model": "cognos powerplay",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 003",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "cognos executive viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "cognos real-time monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "cosminexus server web edition 04-01-/a",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "reflection for secure it windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-01"
},
{
"_id": null,
"model": "interstage service integrator enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "jre 27",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-08"
},
{
"_id": null,
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "cosminexus developer professional 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-50-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"_id": null,
"model": "global link manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.6-00"
},
{
"_id": null,
"model": "jrockit r27.6.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk update14",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "tivoli directory server 6.2.0.3-tiv-itds-if0",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "reflection for secure it unix client sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.121"
},
{
"_id": null,
"model": "processing kit for xml 02-05-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "processing kit for xml 02-00-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03(x64))"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-06"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "cognos banking risk performance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "reflection for secure it unix client sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "jre 004",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.2"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "virtualcenter update 6a",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"_id": null,
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "cosminexus developer 05-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "tivoli storage productivity center for replication",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1.4"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "reflection for the web r3 build",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "2008527"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "processing kit for xml 02-05-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "tivoli federated identity manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.14"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.10"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "jp1/cm2/snmp system observer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.55"
},
{
"_id": null,
"model": "jp1/hicommand tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "tivoli netcool performance manager for wireless",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-90"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "jp1/cm2/network node manager i advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard 06-71-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer 05-05-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.223"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.123"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jre 003",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.72"
},
{
"_id": null,
"model": "provisioning manager software (linux(sles",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "vcenter update manager update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.12"
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "processing kit for xml 01-05-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-09"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.116"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus client 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk update16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "sdk .0 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "cosminexus developer light 06-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli netcool performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"_id": null,
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "db2 fixpak",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.54"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03(x64))"
},
{
"_id": null,
"model": "cosminexus developer standard 06-51-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "system storage ds8700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.33"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-04-00"
},
{
"_id": null,
"model": "interstage service integrator enterprise edition 9.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli directory server 6.3.0.0-tiv-itds-if0",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "jre .0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos business viewpoint",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.113"
},
{
"_id": null,
"model": "websphere datapower xc10 appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.5"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/b (linux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.114"
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "jdk 19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage software quality analyzer 10.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"_id": null,
"model": "cosminexus developer professional 06-50-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/integrated management service support",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.15"
},
{
"_id": null,
"model": "jdk 003",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.1.8"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cognos decisionstream",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-60"
},
{
"_id": null,
"model": "jp1/hicommand tuning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"_id": null,
"model": "jp1/automatic job management system web operation assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "2-0"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"_id": null,
"model": "jre 19",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "reflection for secure it windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-02"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"_id": null,
"model": "cics transaction gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus developer light 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter edition pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "25008-00-03"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-51-/b (linux(",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server standard 06-50-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.1"
},
{
"_id": null,
"model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-07"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jboss enterprise portal platform 4.3.cp06",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"_id": null,
"model": "jp1/hicommand provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jp1/hicommand replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-50"
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3"
},
{
"_id": null,
"model": "tivoli netview",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.5"
},
{
"_id": null,
"model": "cosminexus developer professional 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tivoli common reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2-2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise 06-51-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "replication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "cosminexus developer 05-05-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-04-00"
},
{
"_id": null,
"model": "jp1/hicommand global link availability manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-04"
},
{
"_id": null,
"model": "cosminexus developer light 06-50-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.29"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.2.1"
},
{
"_id": null,
"model": "jdk update22",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.109"
},
{
"_id": null,
"model": "jdk update15",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"_id": null,
"model": "jboss enterprise web platform for rhel 4es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "cosminexus developer 05-01-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.3.110"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "provisioning manager software (solaris(sp",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "jdk 1.4.2 10",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard 06-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "esx update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0.28"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00(x64))"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "db2 fixpack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.57"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
}
],
"sources": [
{
"db": "BID",
"id": "46091"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "NVD",
"id": "CVE-2010-4476"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:systems_insight_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:ibm_forms",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_expeditor",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_quickr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:ibm_mashup_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_dashboard_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_activeinsight",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_connections",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_mashups",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_sametime_advanced",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_sametime_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_sametime_unified_telephony",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_web_content_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:lotus_workforce_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_portlet_factory",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:workplace_web_content_management",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
}
]
},
"credits": {
"_id": null,
"data": "Konstantin Preisser",
"sources": [
{
"db": "BID",
"id": "46091"
}
],
"trust": 0.3
},
"cve": "CVE-2010-4476",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-4476",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-000018",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-4476",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2011-000018",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2010-4476",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "NVD",
"id": "CVE-2010-4476"
}
]
},
"description": {
"_id": null,
"data": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM Lotus product line contains a denial-of-service (DoS) vulnerability. IBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).A remote attacker may cause a denial-of-service (DoS). Oracle Java is prone to a remote denial-of-service vulnerability. \nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition. \nThis issue affects both the Java compiler and Runtime Environment. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03716627\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03716627\nVersion: 1\n\nHPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine,\nRemote Denial of Service (DoS), Access Restriction Bypass, Unauthorized\nModification and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-03-28\nLast Updated: 2013-03-28\n\n- ----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), access restriction\nbypass, unauthorized modification and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache\nrunning Tomcat Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) or to perform an access\nrestriction bypass, unauthorized modification, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine\n5.5.35.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2009-2693 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2009-2902 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-3548 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-1157 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2010-3718 (AV:L/AC:H/Au:N/C:N/I:P/A:N) 1.2\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0013 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-1184 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-2204 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9\nCVE-2011-2526 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-2729 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3190 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0022 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. \nThe updates are available for download from https://h20392.www2.hp.com/portal\n/swdepot/displayProductInfo.do?productNumber=HPUXWST553601\n\nServlet Version\n Depot Name\n\nHP-UX Apache Tomcat Servlet Engine v5.5.36.01\nHP-UX_11.23_HPUXWS22T-B5536-1123.depot\n\nHP-UX_11.31_HPUXWS22T-B5536-1131.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.36.01 or subsequent\n\nEND AFFECTED VERSION\n\nHISTORY\nVersion:1 (rev.1) - 28 March 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-1079-3 March 17, 2011\nopenjdk-6b18 vulnerabilities\nCVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,\nCVE-2011-0706\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 10.10:\n icedtea6-plugin 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1\n\nAfter a standard system update you need to restart any Java services,\napplications or applets to make all the necessary changes. \n\nDetails follow:\n\nUSN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. \n\nOriginal advisory details:\n\n It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n \n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. A local attacker\n could exploit this to execute arbitrary code as the user invoking\n the program. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n \n Konstantin Prei\\xdfer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2010-4476)\n \n It was discovered that the JNLPClassLoader class when handling multiple\n signatures allowed remote attackers to gain privileges due to the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\n\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz\n Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc\n Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz\n Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4\n http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update\nAdvisory ID: RHSA-2011:0880-01\nProduct: Red Hat Network Satellite Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-0880.html\nIssue date: 2011-06-16\nCVE Names: CVE-2009-3555 CVE-2010-1321 CVE-2010-3541 \n CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 \n CVE-2010-3551 CVE-2010-3553 CVE-2010-3555 \n CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 \n CVE-2010-3560 CVE-2010-3562 CVE-2010-3563 \n CVE-2010-3565 CVE-2010-3566 CVE-2010-3568 \n CVE-2010-3569 CVE-2010-3571 CVE-2010-3572 \n CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 \n CVE-2010-4447 CVE-2010-4448 CVE-2010-4452 \n CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 \n CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 \n CVE-2010-4468 CVE-2010-4471 CVE-2010-4473 \n CVE-2010-4475 CVE-2010-4476 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite 5.4.1 for Red Hat\nEnterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64\n\n3. Description:\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite 5.4.1. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation\n582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)\n639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)\n639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)\n639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)\n639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)\n639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)\n639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)\n639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)\n642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)\n642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)\n642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)\n642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)\n642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)\n642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component\n642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component\n642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component\n642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component\n642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component\n642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component\n642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component\n642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component\n674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service\n675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)\n676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453)\n676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)\n677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component\n677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component\n677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component\n677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component\n677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component\n677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component\n677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component\n677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component\n677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component\n677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component\n677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component\n\n6. Package List:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm\n\ni386:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2009-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-1321.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3541.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3562.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3565.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3566.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3568.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3569.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3572.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3573.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3574.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4422.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4447.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4448.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4452.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4454.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4462.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4463.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4465.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4466.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4467.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4468.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4471.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4473.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4475.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4476.html\nhttps://access.redhat.com/security/updates/classification/#low\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFN+lm6XlSAg2UNWIIRAvBeAJ0Wz/dmuJW0q8QTp1Bq5NhaLmExvQCeM5c+\nRNFKowPY3HYpgAdrm0ORV8c=\n=W7VB\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\n\nhttp://twitter.com/secunia\n\nhttp://www.facebook.com/Secunia\n\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi JP1 Products Java Double Literal Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA44576\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44576/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44576\n\nRELEASE DATE:\n2011-05-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44576/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44576/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44576\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in JP1 products, which can\nbe exploited by malicious people to cause a DoS (Denial of Service). \n\nFor more information see vulnerability #1 in:\nSA43262\n\nPlease see the vendor\u0027s advisory for the list of affected products. Please see the vendor\u0027s advisory for more\ndetails. \n\nORIGINAL ADVISORY:\nHitachi (Japanese):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. \n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. \n\nWe recommend that you upgrade your openjdk-6 packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA V3.1 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "BID",
"id": "46091"
},
{
"db": "VULMON",
"id": "CVE-2010-4476"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "102969"
},
{
"db": "PACKETSTORM",
"id": "99459"
},
{
"db": "PACKETSTORM",
"id": "102374"
},
{
"db": "PACKETSTORM",
"id": "101468"
},
{
"db": "PACKETSTORM",
"id": "98795"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "111920"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35304",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4476"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2010-4476",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "43295",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1025062",
"trust": 1.9
},
{
"db": "HITACHI",
"id": "HS11-003",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "43400",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43304",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "45022",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43333",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43048",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "45555",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43659",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43378",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "43280",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "49198",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0605",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0422",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0434",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0365",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0377",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0379",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVN97334690",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018",
"trust": 0.8
},
{
"db": "BID",
"id": "46091",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS11-008",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS11-009",
"trust": 0.3
},
{
"db": "HITACHI",
"id": "HS11-010",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44576",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "35304",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-4476",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99459",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101468",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "98795",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "98469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4476"
},
{
"db": "BID",
"id": "46091"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "102969"
},
{
"db": "PACKETSTORM",
"id": "99459"
},
{
"db": "PACKETSTORM",
"id": "102374"
},
{
"db": "PACKETSTORM",
"id": "101468"
},
{
"db": "PACKETSTORM",
"id": "98795"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "NVD",
"id": "CVE-2010-4476"
}
]
},
"id": "VAR-201102-0280",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2971645411111111
},
"last_update_date": "2026-03-04T22:09:13.928000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HPSBMU02769 SSRT100846",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151"
},
{
"title": "1462146",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462146"
},
{
"title": "1462136",
"trust": 0.8,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21462136"
},
{
"title": "NV18-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv18-002.html"
},
{
"title": "Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8a0fbd8ef02c50b965cd7461fe7f588d"
},
{
"title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-3"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-1"
},
{
"title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-2"
},
{
"title": "VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=31eb28d4d81f5dda33b13bdc58dfe8fb"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4476"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-189",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "NVD",
"id": "CVE-2010-4476"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "http://secunia.com/advisories/43295"
},
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1025062"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html"
},
{
"trust": 1.4,
"url": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0214.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2011/dsa-2161"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0282.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43400"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0422"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0211.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0434"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0213.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43280"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html"
},
{
"trust": 1.1,
"url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715\u0026admit=109447627+1298159618320+28353475"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0365"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43378"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43304"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0379"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0212.html"
},
{
"trust": 1.1,
"url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0377"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0210.html"
},
{
"trust": 1.1,
"url": "http://blog.fortify.com/blog/2011/02/08/double-trouble"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43048"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43333"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0334.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0333.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/45555"
},
{
"trust": 1.1,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"trust": 1.1,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029497"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130514352726432\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:054"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=131041767210772\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0605"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=129960314701922\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/43659"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/45022"
},
{
"trust": 1.1,
"url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/49198"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130270785502599\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130497185606818\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130497132406206\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=129899347607632\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn97334690/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476"
},
{
"trust": 0.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468884"
},
{
"trust": 0.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469222"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24030795"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7008129"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21509635"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21468287"
},
{
"trust": 0.3,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxfpupdater"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02752210"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03090723\u0026ac.admitted=1321942068127.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7009249"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469285"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1003877"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg1oa35932"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029090"
},
{
"trust": 0.3,
"url": "http://support.attachmate.com/techdocs/1704.html"
},
{
"trust": 0.3,
"url": "http://java.sun.com"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468728"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032592"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21474615"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029497"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029827"
},
{
"trust": 0.3,
"url": "/archive/1/516213"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469074"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100127618"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100128342"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100131812"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469001"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469261"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468267"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21508061"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02906075"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715"
},
{
"trust": 0.3,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02738573"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21468291"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94331"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469266"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21469046"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469229"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468927"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468987"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0334.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0333.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468915"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468912"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469042"
},
{
"trust": 0.3,
"url": "http://support.attachmate.com/techdocs/2566.html"
},
{
"trust": 0.3,
"url": "http://support.attachmate.com/techdocs/2564.html"
},
{
"trust": 0.3,
"url": "http://support.attachmate.com/techdocs/2560.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468521"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7008485"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468705"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg400000547"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033364"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032885"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029766"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029768"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029502"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4471"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0706"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4472"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35304/"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1079-3/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/46091"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22468"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201111-02.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/patches"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3550.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3568.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3574.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4452"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3556.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4468.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3548.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3563.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4476.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3551.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3560.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-1321.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3569.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4447.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3558.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3549.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4462.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3566.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4422.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3571.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4475.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4473.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3572.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2009-3555.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3573.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3541.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4463.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4454.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1321"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3562.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4448.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4467.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4471.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4465.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4466.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3557.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3565.html"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3555.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-3553.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0880.html"
},
{
"trust": 0.1,
"url": "http://twitter.com/secunia"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.facebook.com/secunia"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44576/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44576/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44576"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.7-0ubuntu1~9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.7-0ubuntu1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.7-0ubuntu1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.7-0ubuntu1~9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~10.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.7-0ubuntu1~10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.7-0ubuntu1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.7-0ubuntu1~9.10.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~9.10.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.7-0ubuntu1~9.10.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.7-0ubuntu1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.7-0ubuntu1~10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.7-0ubuntu1~10.04.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.7-0ubuntu1~10.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~10.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~9.10.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~9.10.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.7-0ubuntu1~10.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-4476"
},
{
"db": "BID",
"id": "46091"
},
{
"db": "PACKETSTORM",
"id": "121037"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "102969"
},
{
"db": "PACKETSTORM",
"id": "99459"
},
{
"db": "PACKETSTORM",
"id": "102374"
},
{
"db": "PACKETSTORM",
"id": "101468"
},
{
"db": "PACKETSTORM",
"id": "98795"
},
{
"db": "PACKETSTORM",
"id": "98469"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
},
{
"db": "NVD",
"id": "CVE-2010-4476"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2010-4476",
"ident": null
},
{
"db": "BID",
"id": "46091",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "106640",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "102969",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "99459",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "102374",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101468",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "98795",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "98469",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000018",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2010-4476",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4476",
"ident": null
},
{
"date": "2011-02-01T00:00:00",
"db": "BID",
"id": "46091",
"ident": null
},
{
"date": "2013-04-01T15:55:00",
"db": "PACKETSTORM",
"id": "121037",
"ident": null
},
{
"date": "2011-11-06T01:01:42",
"db": "PACKETSTORM",
"id": "106640",
"ident": null
},
{
"date": "2011-07-12T00:49:57",
"db": "PACKETSTORM",
"id": "102969",
"ident": null
},
{
"date": "2011-03-18T21:57:10",
"db": "PACKETSTORM",
"id": "99459",
"ident": null
},
{
"date": "2011-06-17T12:57:44",
"db": "PACKETSTORM",
"id": "102374",
"ident": null
},
{
"date": "2011-05-16T06:02:35",
"db": "PACKETSTORM",
"id": "101468",
"ident": null
},
{
"date": "2011-03-01T15:08:06",
"db": "PACKETSTORM",
"id": "98795",
"ident": null
},
{
"date": "2011-02-14T21:33:52",
"db": "PACKETSTORM",
"id": "98469",
"ident": null
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"date": "2011-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000018",
"ident": null
},
{
"date": "2011-02-17T19:00:01.900000",
"db": "NVD",
"id": "CVE-2010-4476",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2010-4476",
"ident": null
},
{
"date": "2015-04-13T21:31:00",
"db": "BID",
"id": "46091",
"ident": null
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000018",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-4476",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "46091"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "IBM Lotus vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000018"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "46091"
}
],
"trust": 0.3
}
}
VAR-201704-1034
Vulnerability from variot - Updated: 2025-12-22 19:58Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. The following versions are affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11. Apache Tomcat 8.5.0 to 8.5.6. Apache Tomcat 8.0.0.RC1 to 8.0.38. Apache Tomcat 7.0.0 to 7.0.72. Apache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq
Package : tomcat7 CVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775 Debian Bug : 802312 845385 845393
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.
For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u6.
For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 7.0.72-3.
We recommend that you upgrade your tomcat7 packages.
The References section of this erratum contains a download link (you must log in to download the update). =========================================================================== Ubuntu Security Notice USN-3177-2 February 02, 2017
tomcat6, tomcat7 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3177-1 introduced a regression in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.
We apologize for the inconvenience. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.9 tomcat7 7.0.52-1ubuntu0.9
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.10 tomcat6 6.0.35-1ubuntu3.10
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update Advisory ID: RHSA-2017:0456-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:0456 Issue date: 2015-11-12 Updated on: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 3.1 for RHEL 7 - noarch, ppc64, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
-
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- JIRA issues fixed (https://issues.jboss.org/):
JWS-268 - RHEL 7 Errata JIRA
- Package List:
Red Hat JBoss Web Server 3.1 for RHEL 7:
Source: hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.src.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.src.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.src.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el7.src.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.src.rpm tomcat7-7.0.70-16.ep7.el7.src.rpm tomcat8-8.0.36-17.ep7.el7.src.rpm
noarch: hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.noarch.rpm tomcat7-7.0.70-16.ep7.el7.noarch.rpm tomcat7-admin-webapps-7.0.70-16.ep7.el7.noarch.rpm tomcat7-docs-webapp-7.0.70-16.ep7.el7.noarch.rpm tomcat7-el-2.2-api-7.0.70-16.ep7.el7.noarch.rpm tomcat7-javadoc-7.0.70-16.ep7.el7.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-16.ep7.el7.noarch.rpm tomcat7-jsvc-7.0.70-16.ep7.el7.noarch.rpm tomcat7-lib-7.0.70-16.ep7.el7.noarch.rpm tomcat7-log4j-7.0.70-16.ep7.el7.noarch.rpm tomcat7-selinux-7.0.70-16.ep7.el7.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-16.ep7.el7.noarch.rpm tomcat7-webapps-7.0.70-16.ep7.el7.noarch.rpm tomcat8-8.0.36-17.ep7.el7.noarch.rpm tomcat8-admin-webapps-8.0.36-17.ep7.el7.noarch.rpm tomcat8-docs-webapp-8.0.36-17.ep7.el7.noarch.rpm tomcat8-el-2.2-api-8.0.36-17.ep7.el7.noarch.rpm tomcat8-javadoc-8.0.36-17.ep7.el7.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-17.ep7.el7.noarch.rpm tomcat8-jsvc-8.0.36-17.ep7.el7.noarch.rpm tomcat8-lib-8.0.36-17.ep7.el7.noarch.rpm tomcat8-log4j-8.0.36-17.ep7.el7.noarch.rpm tomcat8-selinux-8.0.36-17.ep7.el7.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-17.ep7.el7.noarch.rpm tomcat8-webapps-8.0.36-17.ep7.el7.noarch.rpm
ppc64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvwx1XlSAg2UNWIIRAlcaAJ9BAGykX/bGrxjm/OJ4KkTD2Jol4QCfaFhA I1dYmPbbHiEL1qBik1MSZME= =IQj5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "oncommand shift",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.2.4181"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.7"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.8.2223"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.4.3247"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.4"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.5.0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.7.1"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.6.0"
},
{
"model": "retail convenience and fuel pos software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.132"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.3"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.7.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.72"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat 8.0.0.rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94463"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-8735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn\u0027t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. \nThe following versions are affected:\nApache Tomcat 9.0.0.M1 to 9.0.0.M11. \nApache Tomcat 8.5.0 to 8.5.6. \nApache Tomcat 8.0.0.RC1 to 8.0.38. \nApache Tomcat 7.0.0 to 7.0.72. \nApache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3738-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nDecember 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775\nDebian Bug : 802312 845385 845393\n\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6. \n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3. \n\nWe recommend that you upgrade your tomcat7 packages. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n===========================================================================\nUbuntu Security Notice USN-3177-2\nFebruary 02, 2017\n\ntomcat6, tomcat7 regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3177-1 introduced a regression in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nUSN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security manager. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. A remote attacker could possibly\n use this issue to enumerate usernames. This issue only applied to Ubuntu\n 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could\n possibly use this to bypass Security Manager restrictions. This issue only\n applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-5018)\n It was discovered that Tomcat did not protect applications from untrusted\n data in the HTTP_PROXY environment variable. A remote attacker could\n possibly use this issue to redirect outbound traffic to an arbitrary proxy\n server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\n Ubuntu 16.04 LTS. (CVE-2016-5388)\n It was discovered that Tomcat incorrectly controlled reading system\n properties. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to\n Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816)\n Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\n implement a recommended fix. (CVE-2016-8745)\n Paul Szabo discovered that the Tomcat package incorrectly handled upgrades\n and removals. A local attacker could possibly use this issue to obtain\n root privileges. (CVE-2016-9774, CVE-2016-9775)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.9\n tomcat7 7.0.52-1ubuntu0.9\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.10\n tomcat6 6.0.35-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update\nAdvisory ID: RHSA-2017:0456-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0456\nIssue date: 2015-11-12\nUpdated on: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 3 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 3.1 for RHEL 7 - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages\nto Red Hat Enterprise Linux 7. These packages provide a number of\nenhancements over the previous version of Red Hat JBoss Web Server. \n(JIRA#JWS-268)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-268 - RHEL 7 Errata JIRA \n\n7. Package List:\n\nRed Hat JBoss Web Server 3.1 for RHEL 7:\n\nSource:\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.src.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.src.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.src.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el7.src.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.src.rpm\ntomcat7-7.0.70-16.ep7.el7.src.rpm\ntomcat8-8.0.36-17.ep7.el7.src.rpm\n\nnoarch:\nhibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm\nhibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm\nhibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm\nhibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7.noarch.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm\nmod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm\nmod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el7.noarch.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7.noarch.rpm\ntomcat7-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-admin-webapps-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-docs-webapp-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-el-2.2-api-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-javadoc-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-jsvc-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-lib-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-log4j-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-selinux-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.70-16.ep7.el7.noarch.rpm\ntomcat7-webapps-7.0.70-16.ep7.el7.noarch.rpm\ntomcat8-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-admin-webapps-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-docs-webapp-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-el-2.2-api-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-javadoc-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-jsp-2.3-api-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-jsvc-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-lib-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-log4j-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-selinux-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-servlet-3.1-api-8.0.36-17.ep7.el7.noarch.rpm\ntomcat8-webapps-8.0.36-17.ep7.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7.x86_64.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvwx1XlSAg2UNWIIRAlcaAJ9BAGykX/bGrxjm/OJ4KkTD2Jol4QCfaFhA\nI1dYmPbbHiEL1qBik1MSZME=\n=IQj5\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8735",
"trust": 3.4
},
{
"db": "BID",
"id": "94463",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037331",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159413",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3415",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140199",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140905",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141510",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"id": "VAR-201704-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2025-12-22T19:58:27.256000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66050"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-777"
},
{
"title": "Amazon Linux AMI: ALAS-2016-778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-778"
},
{
"title": "Red Hat: CVE-2016-8735",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-8735"
},
{
"title": "Amazon Linux AMI: ALAS-2016-776",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-776"
},
{
"title": "Debian Security Advisories: DSA-3738-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8828b9876ebd1ef3e89b0ed4e9499abe"
},
{
"title": "Debian Security Advisories: DSA-3739-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=98ef9e44fdad2be0b98f03550515e81a"
},
{
"title": "Arch Linux Advisories: [ASA-201611-22] tomcat6: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201611-22"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-2"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9774: privilege escalation via upgrade",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8cd48a33e8df530a4a18a79eb337a877"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9775: privilege escalation via removal",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e3359df45e6e8201a268a6c465717fa5"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/QChiLan/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/qashqao/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/milkdevil/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/syadg123/exboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/bibortone/Jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/gyanaa/https-github.com-joaomatosf-jexboss "
},
{
"title": "PentestNote\n\u524d\u671f\u4fe1\u606f\u6536\u96c6\n\u6f0f\u6d1e\u653b\u51fb\n\u9c7c\u53c9\u653b\u51fb\n\u6743\u9650\u7ef4\u6301\n\u75d5\u8ff9\u6e05\u7406\n\u6a2a\u5411\u79fb\u52a8\n\u57df\u4fe1\u606f\u6536\u96c6\n\u5185\u7f51\u6e17\u900f\u5408\u96c6\npayload\u751f\u6210\npayload\u4e0b\u8f7d\u0026\u767d\u540d\u5355bypass\n\u514d\u6740\n\u53cd\u5f39shell\nlinux\u547d\u4ee4\u7b14\u8bb0\ndocker\u547d\u4ee4\u7b14\u8bb0\nubuntu\u8e29\u5751\u8bb0\u5f55\ngit \u7b14\u8bb0\n\u7f16\u7a0b\u8bed\u8a00\u5b66\u4e60\u7b14\u8bb0\n\u8bfb\u4e66\u7b14\u8bb0\n\u6f0f\u6d1e\u7b14\u8bb0",
"trust": 0.1,
"url": "https://github.com/safe6Sec/PentestNote "
},
{
"title": "cyber-security-interview",
"trust": 0.1,
"url": "https://github.com/7hang/cyber-security-interview "
},
{
"title": "==========================================\nJok3r - Network and Web Pentest Framework\n=============\nMain features\n============\nInstallation\n====================\nQuick usage examples\n======================\nTypical usage example\n==================\nFull Documentation\n============================================================\nSupported Services \u0026 Security Checks (Updated on 24/10/2018)",
"trust": 0.1,
"url": "https://github.com/oneplus-x/jok3r "
},
{
"title": "https://github.com/yottaiq/jok3r",
"trust": 0.1,
"url": "https://github.com/yottaiq/jok3r "
},
{
"title": "https://github.com/trganda/dockerv",
"trust": 0.1,
"url": "https://github.com/trganda/dockerv "
},
{
"title": "https://github.com/girlkb/myVulnerabilityRecurrence",
"trust": 0.1,
"url": "https://github.com/girlkb/myVulnerabilityRecurrence "
},
{
"title": "https://github.com/woods-sega/woodswiki",
"trust": 0.1,
"url": "https://github.com/woods-sega/woodswiki "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/virgilcj/jok3r "
},
{
"title": "https://github.com/Transmetal/jok3r",
"trust": 0.1,
"url": "https://github.com/Transmetal/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/koutto/jok3r "
},
{
"title": "https://github.com/password520/RedTeamer",
"trust": 0.1,
"url": "https://github.com/password520/RedTeamer "
},
{
"title": "https://github.com/klionsec/RedTeamer",
"trust": 0.1,
"url": "https://github.com/klionsec/RedTeamer "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/klausware/Java-Deserialization-Cheat-Sheet "
},
{
"title": "https://github.com/superfish9/pt",
"trust": 0.1,
"url": "https://github.com/superfish9/pt "
},
{
"title": "https://github.com/20142995/pocsuite3",
"trust": 0.1,
"url": "https://github.com/20142995/pocsuite3 "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94463"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767684"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767676"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767656"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767644"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2016/q4/502"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037331"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3415/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159413/ubuntu-security-notice-usn-4557-1.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9774"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-3177-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=49851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3177-2/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.37-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4557-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.9"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1659589"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94463"
},
{
"date": "2016-12-18T13:55:00",
"db": "PACKETSTORM",
"id": "140199"
},
{
"date": "2017-01-24T01:06:55",
"db": "PACKETSTORM",
"id": "140692"
},
{
"date": "2020-09-30T15:53:50",
"db": "PACKETSTORM",
"id": "159413"
},
{
"date": "2017-03-08T00:57:19",
"db": "PACKETSTORM",
"id": "141513"
},
{
"date": "2017-02-03T15:51:19",
"db": "PACKETSTORM",
"id": "140905"
},
{
"date": "2017-03-08T00:55:08",
"db": "PACKETSTORM",
"id": "141510"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2017-04-06T21:59:00.243000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2017-05-23T16:26:00",
"db": "BID",
"id": "94463"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2025-10-22T00:15:56.793000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.6
}
}
CERTFR-2026-AVI-0181
Vulnerability from certfr_avis - Published: 2026-02-18 - Updated: 2026-02-18
Une vulnérabilité a été découverte dans Apache Tomcat. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.18",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.115",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.52",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
}
],
"initial_release_date": "2026-02-18T00:00:00",
"last_revision_date": "2026-02-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0181",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apache Tomcat. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.115",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.18",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.52",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52"
}
]
}
CERTFR-2025-AVI-0933
Vulnerability from certfr_avis - Published: 2025-10-28 - Updated: 2025-10-28
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.12",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.47",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.110",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
}
],
"initial_release_date": "2025-10-28T00:00:00",
"last_revision_date": "2025-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.12",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.110",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.47",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"
}
]
}
CVE-2026-24734 (GCVE-0-2026-24734)
Vulnerability from nvd – Published: 2026-02-17 18:53 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Summary
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.
When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.
This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.
The following versions were EOL at the time the CVE was created but are
known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.
Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.
Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat Native |
Affected:
1.1.23 , ≤ 1.1.34
(semver)
Affected: 1.2.0 , ≤ 1.2.39 (semver) Affected: 1.3.0 , ≤ 1.3.4 (semver) Affected: 2.0.0 , ≤ 2.0.11 (semver) |
|||||||
|
|||||||||
Credits
Joshua Rogers (@MegaManSec)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:16:49.928042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:30.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat Native",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.1.34",
"status": "affected",
"version": "1.1.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.39",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.4",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.11",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.17",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.51",
"status": "affected",
"version": "10.1.0-M7",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.114",
"status": "affected",
"version": "9.0.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers (@MegaManSec)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\u003c/p\u003e\u003cp\u003eWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat Native:\u0026nbsp; from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u0026nbsp;Older EOL versions are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\u003c/p\u003eApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\n\nWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\n\nThis issue affects Apache Tomcat Native:\u00a0 from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u00a0Older EOL versions are not affected.\n\nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\n\nApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:53:12.228Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-24734",
"datePublished": "2026-02-17T18:53:12.228Z",
"dateReserved": "2026-01-26T14:20:56.965Z",
"dateUpdated": "2026-03-11T15:19:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24733 (GCVE-0-2026-24733)
Vulnerability from nvd – Published: 2026-02-17 18:50 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat: Security constraint bypass with HTTP/0.9
Summary
Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did not limit HTTP/0.9 requests to the GET method. If a security
constraint was configured to allow HEAD requests to a URI but deny GET
requests, the user could bypass that constraint on GET requests by
sending a (specification invalid) HEAD request using HTTP/0.9.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.
Older, EOL versions are also affected.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.14
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0.M1 , ≤ 9.0.112 (semver) Affected: 0 , ≤ 8.5.100 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:16:58.680222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:30.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.14",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.49",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.112",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOlder, EOL versions are also affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:50:43.871Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Tomcat: Security constraint bypass with HTTP/0.9",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-24733",
"datePublished": "2026-02-17T18:50:43.871Z",
"dateReserved": "2026-01-26T13:59:00.422Z",
"dateUpdated": "2026-03-11T15:19:30.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66614 (GCVE-0-2025-66614)
Vulnerability from nvd – Published: 2026-02-17 18:48 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Summary
Improper Input Validation vulnerability.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.
Tomcat did not validate that the host name provided via the SNI
extension was the same as the host name provided in the HTTP host header
field. If Tomcat was configured with more than one virtual host and the
TLS configuration for one of those hosts did not require client
certificate authentication but another one did, it was possible for a
client to bypass the client certificate authentication by sending
different host names in the SNI extension and the HTTP host header field.
The vulnerability only applies if client certificate authentication is
only enforced at the Connector. It does not apply if client certificate
authentication is enforced at the web application.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.14
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0-M1 , ≤ 9.0.112 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unaffected: 0 , < 8.5.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:17:26.335968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:31.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.14",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.49",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.112",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\u003cbr\u003e\u003cp\u003eTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\u003cbr\u003e\n\u003cbr\u003eThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:48:30.577Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Client certificate verification bypass due to virtual host mapping",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-66614",
"datePublished": "2026-02-17T18:48:30.577Z",
"dateReserved": "2025-12-05T11:54:31.778Z",
"dateUpdated": "2026-03-11T15:19:31.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61795 (GCVE-0-2025-61795)
Vulnerability from nvd – Published: 2025-10-27 17:30 – Updated: 2025-11-04 21:14
VLAI?
Title
Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS
Summary
Improper Resource Shutdown or Release vulnerability in Apache Tomcat.
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.11
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.46 (semver) Affected: 9.0.0.M1 , ≤ 9.0.109 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
sw0rd1ight (https://github.com/sw0rd1ight)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T18:48:52.755946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:48:55.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:10.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.11",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.46",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.109",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "sw0rd1ight (https://github.com/sw0rd1ight)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Resource Shutdown or Release vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:37:45.872Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61795",
"datePublished": "2025-10-27T17:30:28.334Z",
"dateReserved": "2025-10-01T09:20:53.155Z",
"dateUpdated": "2025-11-04T21:14:10.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55754 (GCVE-0-2025-55754)
Vulnerability from nvd – Published: 2025-10-27 17:29 – Updated: 2026-02-26 16:57
VLAI?
Title
Apache Tomcat: console manipulation via escape sequences in log messages
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.10
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.44 (semver) Affected: 9.0.40 , ≤ 9.0.108 (semver) Affected: 8.5.60 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
Elysee Franchuk of MOBIA Technology Innovations
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T04:55:55.372090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:04.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:16.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.10",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.44",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.108",
"status": "affected",
"version": "9.0.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.60",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Elysee Franchuk of MOBIA Technology Innovations"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:38:25.256Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: console manipulation via escape sequences in log messages",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-55754",
"datePublished": "2025-10-27T17:29:50.756Z",
"dateReserved": "2025-08-15T11:26:40.520Z",
"dateUpdated": "2026-02-26T16:57:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24734 (GCVE-0-2026-24734)
Vulnerability from cvelistv5 – Published: 2026-02-17 18:53 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Summary
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.
When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.
This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.
The following versions were EOL at the time the CVE was created but are
known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.
Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.
Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat Native |
Affected:
1.1.23 , ≤ 1.1.34
(semver)
Affected: 1.2.0 , ≤ 1.2.39 (semver) Affected: 1.3.0 , ≤ 1.3.4 (semver) Affected: 2.0.0 , ≤ 2.0.11 (semver) |
|||||||
|
|||||||||
Credits
Joshua Rogers (@MegaManSec)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:16:49.928042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:30.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat Native",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.1.34",
"status": "affected",
"version": "1.1.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.39",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.3.4",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.11",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.17",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.51",
"status": "affected",
"version": "10.1.0-M7",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.114",
"status": "affected",
"version": "9.0.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers (@MegaManSec)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\u003c/p\u003e\u003cp\u003eWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat Native:\u0026nbsp; from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u0026nbsp;Older EOL versions are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\u003c/p\u003eApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\n\nWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\n\nThis issue affects Apache Tomcat Native:\u00a0 from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u00a0Older EOL versions are not affected.\n\nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\n\nApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:53:12.228Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-24734",
"datePublished": "2026-02-17T18:53:12.228Z",
"dateReserved": "2026-01-26T14:20:56.965Z",
"dateUpdated": "2026-03-11T15:19:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24733 (GCVE-0-2026-24733)
Vulnerability from cvelistv5 – Published: 2026-02-17 18:50 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat: Security constraint bypass with HTTP/0.9
Summary
Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did not limit HTTP/0.9 requests to the GET method. If a security
constraint was configured to allow HEAD requests to a URI but deny GET
requests, the user could bypass that constraint on GET requests by
sending a (specification invalid) HEAD request using HTTP/0.9.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.
Older, EOL versions are also affected.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.14
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0.M1 , ≤ 9.0.112 (semver) Affected: 0 , ≤ 8.5.100 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:16:58.680222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:30.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.14",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.49",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.112",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOlder, EOL versions are also affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:50:43.871Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Tomcat: Security constraint bypass with HTTP/0.9",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-24733",
"datePublished": "2026-02-17T18:50:43.871Z",
"dateReserved": "2026-01-26T13:59:00.422Z",
"dateUpdated": "2026-03-11T15:19:30.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66614 (GCVE-0-2025-66614)
Vulnerability from cvelistv5 – Published: 2026-02-17 18:48 – Updated: 2026-03-11 15:19
VLAI?
Title
Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Summary
Improper Input Validation vulnerability.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.
Tomcat did not validate that the host name provided via the SNI
extension was the same as the host name provided in the HTTP host header
field. If Tomcat was configured with more than one virtual host and the
TLS configuration for one of those hosts did not require client
certificate authentication but another one did, it was possible for a
client to bypass the client certificate authentication by sending
different host names in the SNI extension and the HTTP host header field.
The vulnerability only applies if client certificate authentication is
only enforced at the Connector. It does not apply if client certificate
authentication is enforced at the web application.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.14
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0-M1 , ≤ 9.0.112 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unaffected: 0 , < 8.5.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-21T21:17:26.335968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:31.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.14",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.49",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.112",
"status": "affected",
"version": "9.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\u003cbr\u003e\u003cp\u003eTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\u003cbr\u003e\n\u003cbr\u003eThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:48:30.577Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Client certificate verification bypass due to virtual host mapping",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-66614",
"datePublished": "2026-02-17T18:48:30.577Z",
"dateReserved": "2025-12-05T11:54:31.778Z",
"dateUpdated": "2026-03-11T15:19:31.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}