Search

Find a vulnerability

Search criteria

    92 vulnerabilities by ruby

    CVE-2026-54696 (GCVE-0-2026-54696)

    Vulnerability from nvd – Published: 2026-06-30 22:05 – Updated: 2026-07-01 13:20
    VLAI
    Title
    Ruby JSON: JSON generator heap buffer overflow when streaming to an IO
    Summary
    Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generator buffer when a streamed object contains an attacker-controlled string near 16 KB. Exploitation would result in a reliable process crash/denial of service. This issue has been fixed in version 2.19.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-131 - Incorrect Calculation of Buffer Size
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby json Affected: >= 2.9.0, < 2.19.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54696",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:20:35.390078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:20:56.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "json",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.9.0, \u003c 2.19.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generator buffer when a streamed object contains an\nattacker-controlled string near 16 KB. Exploitation would result in a reliable process crash/denial of service. This issue has been fixed in version 2.19.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131: Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:05:48.347Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687"
            },
            {
              "name": "https://github.com/ruby/json/releases/tag/v2.19.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/json/releases/tag/v2.19.9"
            }
          ],
          "source": {
            "advisory": "GHSA-x2f5-4prf-w687",
            "discovery": "UNKNOWN"
          },
          "title": "Ruby JSON: JSON generator heap buffer overflow when streaming to an IO"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54696",
        "datePublished": "2026-06-30T22:05:48.347Z",
        "dateReserved": "2026-06-15T22:58:06.562Z",
        "dateUpdated": "2026-07-01T13:20:56.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47242 (GCVE-0-2026-47242)

    Vulnerability from nvd – Published: 2026-06-22 20:19 – Updated: 2026-06-23 12:06
    VLAI
    Title
    Net::IMAP: Command Injection via ID command argument
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences. While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T12:06:42.230852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T12:06:49.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences. While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:19:41.222Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg"
            }
          ],
          "source": {
            "advisory": "GHSA-46q3-7gv7-qmgg",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Command Injection via ID command argument"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47242",
        "datePublished": "2026-06-22T20:19:41.222Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T12:06:49.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47241 (GCVE-0-2026-47241)

    Vulnerability from nvd – Published: 2026-06-22 20:11 – Updated: 2026-06-23 14:16
    VLAI
    Title
    Net::IMAP: Denial of Service via incomplete raw argument validation
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-162 - Improper Neutralization of Trailing Special Elements
    • CWE-182 - Collapse of Data into Unsafe Value
    • CWE-186 - Overly Restrictive Regular Expression
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T14:16:22.874467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T14:16:32.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-162",
                  "description": "CWE-162: Improper Neutralization of Trailing Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-182",
                  "description": "CWE-182: Collapse of Data into Unsafe Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-186",
                  "description": "CWE-186: Overly Restrictive Regular Expression",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:11:04.329Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66"
            }
          ],
          "source": {
            "advisory": "GHSA-c4fp-cxrr-mj66",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Denial of Service via incomplete raw argument validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47241",
        "datePublished": "2026-06-22T20:11:04.329Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T14:16:32.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47240 (GCVE-0-2026-47240)

    Vulnerability from nvd – Published: 2026-06-22 20:17 – Updated: 2026-06-23 15:06
    VLAI
    Title
    Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the "+}\r\n" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T14:52:09.927243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T15:06:33.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.  A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:17:15.376Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
            }
          ],
          "source": {
            "advisory": "GHSA-8p34-64r3-mwg8",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47240",
        "datePublished": "2026-06-22T20:17:15.376Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T15:06:33.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42258 (GCVE-0-2026-42258)

    Vulnerability from nvd – Published: 2026-05-09 19:40 – Updated: 2026-07-10 12:05
    VLAI
    Title
    net-imap: Command Injection via unvalidated Symbol inputs
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    URL Tags
    https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
    https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-42258 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2468498 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:37397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35895 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36099 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:57:16.635329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:57:24.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T19:40:49.405Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-93",
                    "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:48.226Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42258"
              },
              {
                "name": "RHBZ#2468498",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42258.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35895"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33515"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35867"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33630"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33577"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:37397: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35895: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35866: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35867: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36099: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T20:01:01.698Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T19:40:49.405Z",
                "value": "Made public."
              }
            ],
            "title": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:40:49.405Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-75xq-5h9v-w6px",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Command Injection via unvalidated Symbol inputs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42258",
        "datePublished": "2026-05-09T19:40:49.405Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-07-10T12:05:48.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42257 (GCVE-0-2026-42257)

    Vulnerability from nvd – Published: 2026-05-09 19:39 – Updated: 2026-05-13 19:33
    VLAI
    Title
    net-imap: Command Injection via "raw" arguments to multiple commands
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:27:16.888782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:33:13.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:39:48.398Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-hm49-wcqc-g2xg",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Command Injection via \"raw\" arguments to multiple commands"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42257",
        "datePublished": "2026-05-09T19:39:48.398Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-05-13T19:33:13.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42256 (GCVE-0-2026-42256)

    Vulnerability from nvd – Published: 2026-05-09 19:38 – Updated: 2026-05-11 17:04
    VLAI
    Title
    net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1322 - Use of Blocking Code in Single-threaded, Non-blocking Context
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.4.0, < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T17:04:26.784816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:04:42.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0, \u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1322",
                  "description": "CWE-1322: Use of Blocking Code in Single-threaded, Non-blocking Context",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:38:33.106Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-87pf-fpwv-p7m7",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Denial of service via high iteration count for `SCRAM-*` authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42256",
        "datePublished": "2026-05-09T19:38:33.106Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-05-11T17:04:42.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42246 (GCVE-0-2026-42246)

    Vulnerability from nvd – Published: 2026-05-09 19:33 – Updated: 2026-07-10 12:05
    VLAI
    Title
    net-imap vulnerable to STARTTLS stripping via invalid response timing
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-392 - Missing Report of Error Condition
    • CWE-393 - Return of Wrong Status Code
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-636 - Not Failing Securely ('Failing Open')
    • CWE-841 - Improper Enforcement of Behavioral Workflow
    • CWE-325 - Missing Cryptographic Step
    Assigner
    References
    URL Tags
    https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
    https://github.com/ruby/net-imap/commit/0ede4c40b… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/24a4e770b… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/97e2488fb… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/f79d35bf5… x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.3.10 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-42246 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2468499 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:37397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35895 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36099 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33721 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33552 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33551 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.3.10
    Affected: >= 0.4.0, < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:29:05.120225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:29:15.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T19:33:17.880Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-325",
                    "description": "Missing Cryptographic Step",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:48.523Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42246"
              },
              {
                "name": "RHBZ#2468499",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42246.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35895"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33515"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35867"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33630"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33552"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33551"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:37397: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35895: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35866: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35867: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36099: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33721: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33552: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33551: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T20:01:04.782Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T19:33:17.880Z",
                "value": "Made public."
              }
            ],
            "title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
            "workarounds": [
              {
                "lang": "en",
                "value": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0, \u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return \"successfully\", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-392",
                  "description": "CWE-392: Missing Report of Error Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-393",
                  "description": "CWE-393: Return of Wrong Status Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-841",
                  "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:33:17.880Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            }
          ],
          "source": {
            "advisory": "GHSA-vcgp-9326-pqcp",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap vulnerable to STARTTLS stripping via invalid response timing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42246",
        "datePublished": "2026-05-09T19:33:17.880Z",
        "dateReserved": "2026-04-25T05:37:12.118Z",
        "dateUpdated": "2026-07-10T12:05:48.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42245 (GCVE-0-2026-42245)

    Vulnerability from nvd – Published: 2026-05-09 19:37 – Updated: 2026-05-12 18:30
    VLAI
    Title
    net-imap: Quadratic complexity when reading response literals
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:53:55.917796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:30:58.415Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client\u0027s CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:37:08.905Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-q2mw-fvj9-vvcw",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Quadratic complexity when reading response literals"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42245",
        "datePublished": "2026-05-09T19:37:08.905Z",
        "dateReserved": "2026-04-25T05:37:12.118Z",
        "dateUpdated": "2026-05-12T18:30:58.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41316 (GCVE-0-2026-41316)

    Vulnerability from nvd – Published: 2026-04-24 02:35 – Updated: 2026-07-10 12:05
    VLAI
    Title
    ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
    Summary
    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    URL Tags
    https://github.com/ruby/erb/security/advisories/G… x_refsource_CONFIRM
    https://access.redhat.com/security/cve/CVE-2026-41316 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2461369 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:33478 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18065 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20606 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20614 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20670 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26312 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18039 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20596 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby erb Affected: < 4.0.3.1
    Affected: = 4.0.4
    Affected: >= 5.0.0, < 6.0.1.1
    Affected: >= 6.0.2, < 6.0.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:45:02.467085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:45:43.173Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-24T02:35:41.160Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source code, which were not properly guarded against deserialization attacks."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:56.151Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41316"
              },
              {
                "name": "RHBZ#2461369",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461369"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41316.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33478"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18065"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20606"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20614"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20670"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26312"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26655"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18039"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20596"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33478: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18065: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20606: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20614: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20670: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26312: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26655: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18039: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18030: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20596: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-24T03:01:16.620Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-24T02:35:41.160Z",
                "value": "Made public."
              }
            ],
            "title": "erb: ERB: Arbitrary code execution via deserialization bypass",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "erb",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.0.3.1"
                },
                {
                  "status": "affected",
                  "version": "= 4.0.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0, \u003c 6.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.2, \u003c 6.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T02:35:41.160Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv"
            }
          ],
          "source": {
            "advisory": "GHSA-q339-8rmv-2mhv",
            "discovery": "UNKNOWN"
          },
          "title": "ERB has an @_init deserialization guard bypass via def_module / def_method / def_class"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-41316",
        "datePublished": "2026-04-24T02:35:41.160Z",
        "dateReserved": "2026-04-20T14:01:46.671Z",
        "dateUpdated": "2026-07-10T12:05:56.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27820 (GCVE-0-2026-27820)

    Vulnerability from nvd – Published: 2026-04-16 17:27 – Updated: 2026-04-16 18:20
    VLAI
    Title
    zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
    Summary
    zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby zlib Affected: < 3.0.1
    Affected: >= 3.1.0, < 3.1.2
    Affected: >= 3.2.0, < 3.2.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T18:20:13.051389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T18:20:21.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "zlib",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0, \u003c 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131: Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T17:27:48.944Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
            },
            {
              "name": "https://hackerone.com/reports/3467067",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/3467067"
            }
          ],
          "source": {
            "advisory": "GHSA-g857-hhfv-j68w",
            "discovery": "UNKNOWN"
          },
          "title": "zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27820",
        "datePublished": "2026-04-16T17:27:48.944Z",
        "dateReserved": "2026-02-24T02:32:39.799Z",
        "dateUpdated": "2026-04-16T18:20:21.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33210 (GCVE-0-2026-33210)

    Vulnerability from nvd – Published: 2026-03-20 22:57 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Ruby JSON has a format string injection vulnerability
    Summary
    Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-23T21:01:54.342811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T21:41:29.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "unaffected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_clients:2023"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat AMQ Clients",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T22:57:08.758Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service (DoS) or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allow_duplicate_key: false parsing option enabled."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-134",
                    "description": "Use of Externally-Controlled Format String",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:37.618Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33210"
              },
              {
                "name": "RHBZ#2449871",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449871"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33210.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20606"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20596"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:20606: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20596: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-21T00:01:40.435Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T22:57:08.758Z",
                "value": "Made public."
              }
            ],
            "title": "ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "json",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0, \u003c 2.15.2.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.16.0, \u003c 2.17.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.18.0, \u003c 2.19.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134: Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T22:57:08.758Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3"
            }
          ],
          "source": {
            "advisory": "GHSA-3m6g-2423-7cp3",
            "discovery": "UNKNOWN"
          },
          "title": "Ruby JSON has a format string injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33210",
        "datePublished": "2026-03-20T22:57:08.758Z",
        "dateReserved": "2026-03-17T23:23:58.313Z",
        "dateUpdated": "2026-06-30T12:07:37.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61594 (GCVE-0-2025-61594)

    Vulnerability from nvd – Published: 2025-12-30 21:03 – Updated: 2026-04-16 17:02
    VLAI
    Title
    URI Credential Leakage Bypass over CVE-2025-27221
    Summary
    URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Vendor Product Version
    ruby uri Affected: < 0.12.5
    Affected: >= 0.13.0, < 0.13.3
    Affected: >= 1.0.0, < 1.0.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T21:29:32.513492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T21:29:39.048Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uri",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.12.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.13.0, \u003c 0.13.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0, \u003c 1.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T17:02:32.149Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r"
            },
            {
              "name": "https://hackerone.com/reports/2957667",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/2957667"
            },
            {
              "name": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories"
            }
          ],
          "source": {
            "advisory": "GHSA-j4pr-3wm6-xx2r",
            "discovery": "UNKNOWN"
          },
          "title": "URI Credential Leakage Bypass over CVE-2025-27221"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-61594",
        "datePublished": "2025-12-30T21:03:08.990Z",
        "dateReserved": "2025-09-26T16:25:25.150Z",
        "dateUpdated": "2026-04-16T17:02:32.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54696 (GCVE-0-2026-54696)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:05 – Updated: 2026-07-01 13:20
    VLAI
    Title
    Ruby JSON: JSON generator heap buffer overflow when streaming to an IO
    Summary
    Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generator buffer when a streamed object contains an attacker-controlled string near 16 KB. Exploitation would result in a reliable process crash/denial of service. This issue has been fixed in version 2.19.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-131 - Incorrect Calculation of Buffer Size
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby json Affected: >= 2.9.0, < 2.19.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54696",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:20:35.390078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:20:56.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "json",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.9.0, \u003c 2.19.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generator buffer when a streamed object contains an\nattacker-controlled string near 16 KB. Exploitation would result in a reliable process crash/denial of service. This issue has been fixed in version 2.19.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131: Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:05:48.347Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687"
            },
            {
              "name": "https://github.com/ruby/json/releases/tag/v2.19.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/json/releases/tag/v2.19.9"
            }
          ],
          "source": {
            "advisory": "GHSA-x2f5-4prf-w687",
            "discovery": "UNKNOWN"
          },
          "title": "Ruby JSON: JSON generator heap buffer overflow when streaming to an IO"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54696",
        "datePublished": "2026-06-30T22:05:48.347Z",
        "dateReserved": "2026-06-15T22:58:06.562Z",
        "dateUpdated": "2026-07-01T13:20:56.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47242 (GCVE-0-2026-47242)

    Vulnerability from cvelistv5 – Published: 2026-06-22 20:19 – Updated: 2026-06-23 12:06
    VLAI
    Title
    Net::IMAP: Command Injection via ID command argument
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences. While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T12:06:42.230852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T12:06:49.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequences. While Net::IMAP#enable does process its arguments for aliases, it does not validate them as valid atoms (or as a list of valid atoms). The #to_s value is sent verbatim. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:19:41.222Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg"
            }
          ],
          "source": {
            "advisory": "GHSA-46q3-7gv7-qmgg",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Command Injection via ID command argument"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47242",
        "datePublished": "2026-06-22T20:19:41.222Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T12:06:49.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47240 (GCVE-0-2026-47240)

    Vulnerability from cvelistv5 – Published: 2026-06-22 20:17 – Updated: 2026-06-23 15:06
    VLAI
    Title
    Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the "+}\r\n" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T14:52:09.927243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T15:06:33.819Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.  A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:17:15.376Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
            }
          ],
          "source": {
            "advisory": "GHSA-8p34-64r3-mwg8",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47240",
        "datePublished": "2026-06-22T20:17:15.376Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T15:06:33.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47241 (GCVE-0-2026-47241)

    Vulnerability from cvelistv5 – Published: 2026-06-22 20:11 – Updated: 2026-06-23 14:16
    VLAI
    Title
    Net::IMAP: Denial of Service via incomplete raw argument validation
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-162 - Improper Neutralization of Trailing Special Elements
    • CWE-182 - Collapse of Data into Unsafe Value
    • CWE-186 - Overly Restrictive Regular Expression
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.6.0, < 0.6.4.1
    Affected: < 0.5.15
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T14:16:22.874467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T14:16:32.846Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 0.5.15"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-162",
                  "description": "CWE-162: Improper Neutralization of Trailing Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-182",
                  "description": "CWE-182: Collapse of Data into Unsafe Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-186",
                  "description": "CWE-186: Overly Restrictive Regular Expression",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T20:11:04.329Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66"
            }
          ],
          "source": {
            "advisory": "GHSA-c4fp-cxrr-mj66",
            "discovery": "UNKNOWN"
          },
          "title": "Net::IMAP: Denial of Service via incomplete raw argument validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47241",
        "datePublished": "2026-06-22T20:11:04.329Z",
        "dateReserved": "2026-05-18T22:54:18.272Z",
        "dateUpdated": "2026-06-23T14:16:32.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42258 (GCVE-0-2026-42258)

    Vulnerability from cvelistv5 – Published: 2026-05-09 19:40 – Updated: 2026-07-10 12:05
    VLAI
    Title
    net-imap: Command Injection via unvalidated Symbol inputs
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    Assigner
    References
    URL Tags
    https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
    https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.6.4 x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-42258 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2468498 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:37397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35895 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36099 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:57:16.635329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:57:24.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T19:40:49.405Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-93",
                    "description": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:48.226Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42258"
              },
              {
                "name": "RHBZ#2468498",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468498"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42258.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35895"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33515"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35867"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33630"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33577"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:37397: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35895: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35866: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35867: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36099: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T20:01:01.698Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T19:40:49.405Z",
                "value": "Made public."
              }
            ],
            "title": "ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:40:49.405Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-75xq-5h9v-w6px",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Command Injection via unvalidated Symbol inputs"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42258",
        "datePublished": "2026-05-09T19:40:49.405Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-07-10T12:05:48.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42257 (GCVE-0-2026-42257)

    Vulnerability from cvelistv5 – Published: 2026-05-09 19:39 – Updated: 2026-05-13 19:33
    VLAI
    Title
    net-imap: Command Injection via "raw" arguments to multiple commands
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T19:27:16.888782Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T19:33:13.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:39:48.398Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-hm49-wcqc-g2xg",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Command Injection via \"raw\" arguments to multiple commands"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42257",
        "datePublished": "2026-05-09T19:39:48.398Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-05-13T19:33:13.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42256 (GCVE-0-2026-42256)

    Vulnerability from cvelistv5 – Published: 2026-05-09 19:38 – Updated: 2026-05-11 17:04
    VLAI
    Title
    net-imap: Denial of service via high iteration count for `SCRAM-*` authentication
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1322 - Use of Blocking Code in Single-threaded, Non-blocking Context
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: >= 0.4.0, < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42256",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T17:04:26.784816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:04:42.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0, \u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1322",
                  "description": "CWE-1322: Use of Blocking Code in Single-threaded, Non-blocking Context",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:38:33.106Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-87pf-fpwv-p7m7",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Denial of service via high iteration count for `SCRAM-*` authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42256",
        "datePublished": "2026-05-09T19:38:33.106Z",
        "dateReserved": "2026-04-26T11:53:27.704Z",
        "dateUpdated": "2026-05-11T17:04:42.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42245 (GCVE-0-2026-42245)

    Vulnerability from cvelistv5 – Published: 2026-05-09 19:37 – Updated: 2026-05-12 18:30
    VLAI
    Title
    net-imap: Quadratic complexity when reading response literals
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-407 - Inefficient Algorithmic Complexity
    Assigner
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:53:55.917796Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T18:30:58.415Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client\u0027s CPU for a denial of service attack. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-407",
                  "description": "CWE-407: Inefficient Algorithmic Complexity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:37:08.905Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
            }
          ],
          "source": {
            "advisory": "GHSA-q2mw-fvj9-vvcw",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap: Quadratic complexity when reading response literals"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42245",
        "datePublished": "2026-05-09T19:37:08.905Z",
        "dateReserved": "2026-04-25T05:37:12.118Z",
        "dateUpdated": "2026-05-12T18:30:58.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42246 (GCVE-0-2026-42246)

    Vulnerability from cvelistv5 – Published: 2026-05-09 19:33 – Updated: 2026-07-10 12:05
    VLAI
    Title
    net-imap vulnerable to STARTTLS stripping via invalid response timing
    Summary
    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-392 - Missing Report of Error Condition
    • CWE-393 - Return of Wrong Status Code
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    • CWE-636 - Not Failing Securely ('Failing Open')
    • CWE-841 - Improper Enforcement of Behavioral Workflow
    • CWE-325 - Missing Cryptographic Step
    Assigner
    References
    URL Tags
    https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
    https://github.com/ruby/net-imap/commit/0ede4c40b… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/24a4e770b… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/97e2488fb… x_refsource_MISC
    https://github.com/ruby/net-imap/commit/f79d35bf5… x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.3.10 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
    https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-42246 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2468499 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:37397 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35895 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35866 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35867 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36099 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33721 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33552 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33551 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby net-imap Affected: < 0.3.10
    Affected: >= 0.4.0, < 0.4.24
    Affected: >= 0.5.0, < 0.5.14
    Affected: >= 0.6.0, < 0.6.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)     cpe:/a:redhat:rhel_eus_long_life:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T02:29:05.120225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T02:29:15.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-09T19:33:17.880Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-325",
                    "description": "Missing Cryptographic Step",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:48.523Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42246"
              },
              {
                "name": "RHBZ#2468499",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42246.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37397"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35895"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33540"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33514"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33515"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35866"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35867"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34076"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33630"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33512"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33576"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33721"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33552"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33551"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:37397: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35895: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35866: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35867: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36099: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33721: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33552: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33551: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-09T20:01:04.782Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-09T19:33:17.880Z",
                "value": "Made public."
              }
            ],
            "title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
            "workarounds": [
              {
                "lang": "en",
                "value": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "net-imap",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.3.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0, \u003c 0.4.24"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0, \u003c 0.5.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.6.0, \u003c 0.6.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return \"successfully\", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-392",
                  "description": "CWE-392: Missing Report of Error Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-393",
                  "description": "CWE-393: Return of Wrong Status Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-636",
                  "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-841",
                  "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T19:33:17.880Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
            },
            {
              "name": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
            },
            {
              "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
            }
          ],
          "source": {
            "advisory": "GHSA-vcgp-9326-pqcp",
            "discovery": "UNKNOWN"
          },
          "title": "net-imap vulnerable to STARTTLS stripping via invalid response timing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42246",
        "datePublished": "2026-05-09T19:33:17.880Z",
        "dateReserved": "2026-04-25T05:37:12.118Z",
        "dateUpdated": "2026-07-10T12:05:48.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41316 (GCVE-0-2026-41316)

    Vulnerability from cvelistv5 – Published: 2026-04-24 02:35 – Updated: 2026-07-10 12:05
    VLAI
    Title
    ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
    Summary
    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    URL Tags
    https://github.com/ruby/erb/security/advisories/G… x_refsource_CONFIRM
    https://access.redhat.com/security/cve/CVE-2026-41316 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2461369 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:33478 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18065 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20606 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20614 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20670 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35834 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26312 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37238 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18039 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20596 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    ruby erb Affected: < 4.0.3.1
    Affected: = 4.0.4
    Affected: >= 5.0.0, < 6.0.1.1
    Affected: >= 6.0.2, < 6.0.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:45:02.467085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:45:43.173Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-24T02:35:41.160Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source code, which were not properly guarded against deserialization attacks."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:56.151Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41316"
              },
              {
                "name": "RHBZ#2461369",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461369"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41316.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33478"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18065"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20606"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20614"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20670"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35834"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26312"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26655"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37238"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18039"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20596"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:33478: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18065: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20606: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20614: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20670: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35834: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26312: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26655: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37238: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18039: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18030: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20596: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-24T03:01:16.620Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-24T02:35:41.160Z",
                "value": "Made public."
              }
            ],
            "title": "erb: ERB: Arbitrary code execution via deserialization bypass",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "erb",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.0.3.1"
                },
                {
                  "status": "affected",
                  "version": "= 4.0.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0, \u003c 6.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 6.0.2, \u003c 6.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693: Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T02:35:41.160Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/erb/security/advisories/GHSA-q339-8rmv-2mhv"
            }
          ],
          "source": {
            "advisory": "GHSA-q339-8rmv-2mhv",
            "discovery": "UNKNOWN"
          },
          "title": "ERB has an @_init deserialization guard bypass via def_module / def_method / def_class"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-41316",
        "datePublished": "2026-04-24T02:35:41.160Z",
        "dateReserved": "2026-04-20T14:01:46.671Z",
        "dateUpdated": "2026-07-10T12:05:56.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27820 (GCVE-0-2026-27820)

    Vulnerability from cvelistv5 – Published: 2026-04-16 17:27 – Updated: 2026-04-16 18:20
    VLAI
    Title
    zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
    Summary
    zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    ruby zlib Affected: < 3.0.1
    Affected: >= 3.1.0, < 3.1.2
    Affected: >= 3.2.0, < 3.2.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T18:20:13.051389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T18:20:21.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "zlib",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.1.0, \u003c 3.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.2.0, \u003c 3.2.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 1.7,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131: Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T17:27:48.944Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"
            },
            {
              "name": "https://hackerone.com/reports/3467067",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/3467067"
            }
          ],
          "source": {
            "advisory": "GHSA-g857-hhfv-j68w",
            "discovery": "UNKNOWN"
          },
          "title": "zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-27820",
        "datePublished": "2026-04-16T17:27:48.944Z",
        "dateReserved": "2026-02-24T02:32:39.799Z",
        "dateUpdated": "2026-04-16T18:20:21.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33210 (GCVE-0-2026-33210)

    Vulnerability from cvelistv5 – Published: 2026-03-20 22:57 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Ruby JSON has a format string injection vulnerability
    Summary
    Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-23T21:01:54.342811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T21:41:29.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:5"
                ],
                "defaultStatus": "unaffected",
                "product": "Logging Subsystem for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_clients:2023"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat AMQ Clients",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-20T22:57:08.758Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service (DoS) or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allow_duplicate_key: false parsing option enabled."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-134",
                    "description": "Use of Externally-Controlled Format String",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:37.618Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-33210"
              },
              {
                "name": "RHBZ#2449871",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449871"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33210.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20606"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20596"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:20606: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20596: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-21T00:01:40.435Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-20T22:57:08.758Z",
                "value": "Made public."
              }
            ],
            "title": "ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "json",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0, \u003c 2.15.2.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.16.0, \u003c 2.17.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.18.0, \u003c 2.19.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used to parse user supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-134",
                  "description": "CWE-134: Use of Externally-Controlled Format String",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-20T22:57:08.758Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3"
            }
          ],
          "source": {
            "advisory": "GHSA-3m6g-2423-7cp3",
            "discovery": "UNKNOWN"
          },
          "title": "Ruby JSON has a format string injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33210",
        "datePublished": "2026-03-20T22:57:08.758Z",
        "dateReserved": "2026-03-17T23:23:58.313Z",
        "dateUpdated": "2026-06-30T12:07:37.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61594 (GCVE-0-2025-61594)

    Vulnerability from cvelistv5 – Published: 2025-12-30 21:03 – Updated: 2026-04-16 17:02
    VLAI
    Title
    URI Credential Leakage Bypass over CVE-2025-27221
    Summary
    URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
    Assigner
    Impacted products
    Vendor Product Version
    ruby uri Affected: < 0.12.5
    Affected: >= 0.13.0, < 0.13.3
    Affected: >= 1.0.0, < 1.0.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T21:29:32.513492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T21:29:39.048Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uri",
              "vendor": "ruby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.12.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.13.0, \u003c 0.13.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.0, \u003c 1.0.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-212",
                  "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T17:02:32.149Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ruby/uri/security/advisories/GHSA-j4pr-3wm6-xx2r"
            },
            {
              "name": "https://hackerone.com/reports/2957667",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/2957667"
            },
            {
              "name": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/advisories/GHSA-22h5-pq3x-2gf2"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ruby-lang.org/en/news/2025/02/26/security-advisories"
            }
          ],
          "source": {
            "advisory": "GHSA-j4pr-3wm6-xx2r",
            "discovery": "UNKNOWN"
          },
          "title": "URI Credential Leakage Bypass over CVE-2025-27221"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-61594",
        "datePublished": "2025-12-30T21:03:08.990Z",
        "dateReserved": "2025-09-26T16:25:25.150Z",
        "dateUpdated": "2026-04-16T17:02:32.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201404-0592

    Vulnerability from variot - Updated: 2026-04-10 23:34

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed.". RubyGems actionpack is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation guideline.

    Note: OpenSSL is an external product embedded in HP products.

    Bulletin Applicability:

    This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.

    To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . No user action is required to install them. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions:

    671H_GS00601 665H_GS12501 663H_GS04601

    HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions:

    655H_GS10201

    HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below.

    Mitigation Instructions

    The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI:

    Product Configuration Options to Disable TLS Heartbeat Functions

    Secure SMI-S CVTL User

    Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014

    openssl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 13.10
    • Ubuntu 12.10
    • Ubuntu 12.04 LTS

    Summary:

    OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

    Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

    Details:

    Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. (CVE-2014-0160)

    Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2

    Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7

    Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12

    After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 ( Security fix ) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz

    Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

    Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

    Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz

    Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz

    Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz

    Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz

    Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz

    Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the packages as root:

    upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. If bulk software or firmware updates are required, use an unaffected or patched version of HP Smart Update Manager (HP SUM) to do single or batch updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: rhevm-spice-client security update Advisory ID: RHSA-2014:0416-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0416.html Issue date: 2014-04-17 CVE Names: CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 CVE-2014-0160 =====================================================================

    1. Summary:

    Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.

    The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    RHEV-M 3.3 - noarch

    1. Description:

    Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.

    The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues:

    An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. (CVE-2014-0160)

    It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

    A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

    It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

    The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers:

    CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

    All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets

    1. Package List:

    RHEV-M 3.3:

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm

    noarch: rhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2012-4929.html https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc.

    The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c04239372 Version: 4

    HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2014-04-13 Last Updated: 2014-05-13

    Potential Security Impact: Remote disclosure of information, Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).

    References:

    CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH):

    Product version/Platform Download Location

    SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52

    SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37

    SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a

    SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76

    SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178

    SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37

    Notes

    SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g

    Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability.

    Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset.

    Frequently Asked Questions

    Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents.

    What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions

    v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2

    v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2

    v7.2.1 v7.2u1

    v7.3.2 v7.2.3 v7.3.2

    v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2

    v7.3.0 v7.3.0

    v7.3.2 not supported v7.3.2

    v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2

    How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers.

    HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

    iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . This bulletin will give you the information needed to update your HP Insight Control server deployment solution.

    Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64

    References: CVE-2014-0160 (SSRT101538)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP is actively working to address this vulnerability for the impacted versions of HP Insight Control server deployment. This bulletin may be revised. It is recommended that customers take the following approaches depending on the version of HP Insight Control server deployment:

    To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment.

    To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the following procedure.

    Delete the smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location

    1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \express\hpfeatures\hpagents-ws\components\Win2003

    2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \express\hpfeatures\hpagents-ws\components\Win2003

    3 http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0 smhamd64-cp023240.exe \express\hpfeatures\hpagents-ws\components\Win2008

    4 http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0 smhx86-cp023239.exe \express\hpfeatures\hpagents-ws\components\Win2008

    5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components

    Table 1

    Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.3.2.2"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "20"
          },
          {
            "_id": null,
            "model": "v60",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.15"
          },
          {
            "_id": null,
            "model": "s9922l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ricon",
            "version": "16.10.3\\(3794\\)"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.1.2.5"
          },
          {
            "_id": null,
            "model": "gluster storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "application processing engine",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.24"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1g"
          },
          {
            "_id": null,
            "model": "simatic s7-1500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "19"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.10"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.1.3.3"
          },
          {
            "_id": null,
            "model": "symantec messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "10.6.1"
          },
          {
            "_id": null,
            "model": "virtualization",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.20"
          },
          {
            "_id": null,
            "model": "v60",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.25"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "13.10"
          },
          {
            "_id": null,
            "model": "cp 1543-1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "wincc open architecture",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.3.0.104"
          },
          {
            "_id": null,
            "model": "splunk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.2.0.11"
          },
          {
            "_id": null,
            "model": "elan-8.2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "8.3.3"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "filezilla",
            "version": "0.9.44"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic s7-1500t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mivoice",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "1.4.0.102"
          },
          {
            "_id": null,
            "model": "v100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "intellian",
            "version": "1.21"
          },
          {
            "_id": null,
            "model": "symantec messaging gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "10.6.0"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "micollab",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmate",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bee ware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ca",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "global associates",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva s a",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "marklogic",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mcafee",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nvidia",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openvpn",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unisys",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "_id": null,
            "model": "studio onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "s u s e",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "s u s e",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "software collections for rhel",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "puppetlabs",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "chef",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opscode",
            "version": "11.1.2"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "chef",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "opscode",
            "version": "11.1.3"
          },
          {
            "_id": null,
            "model": "webyast",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "lifecycle management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.2.15"
          },
          {
            "_id": null,
            "model": "openstack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "actionpack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rubygems",
            "version": "3.2.16"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.7"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.5"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails 3.1.0.rc5",
            "scope": null,
            "trust": 0.3,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.4"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.14"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.4"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.2.7"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.11"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.17"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "cloudforms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.12"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.15"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.13"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.3"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.18"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.17"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.7"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.0"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.7"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.8"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.20"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.5.1"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "3.1.3"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.9"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.16"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails 3.1.0.rc6",
            "scope": null,
            "trust": 0.3,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.1.8"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.11"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.0.19"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.13"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.11"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.8"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.10"
          },
          {
            "_id": null,
            "model": "on rails ruby on rails",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ruby",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.8.2"
          },
          {
            "_id": null,
            "model": "puppet enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "puppetlabs",
            "version": "2.7"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "HP",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          }
        ],
        "trust": 1.1
      },
      "cve": "CVE-2014-0160",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0160",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 5.0,
                "collateralDamagePotential": "LOW-MEDIUM",
                "confidentialityImpact": "PARTIAL",
                "confidentialityRequirement": "HIGH",
                "enviromentalScore": 6.5,
                "exploitability": "FUNCTIONAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0160",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "integrityRequirement": "HIGH",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "MEDIUM",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2014-0160",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0160",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2014-0160",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0160",
                "trust": 0.8,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0160",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as \"heartbleed.\". RubyGems actionpack is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to cause denial-of-service conditions. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation\nguideline. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . No user action is\nrequired to install them. \nHP StoreEver ESL G3 Tape Libraries with MCB rev 2  OpenSSL version 1.0.1f for\nthe following firmware versions:\n\n671H_GS00601\n665H_GS12501\n663H_GS04601\n\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1  Open SSL version 1.0.1e in\n655H firmware versions:\n\n655H_GS10201\n\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. \nIf the library firmware cannot be updated, HP recommends following the\nMitigation Instructions below. \n\nMitigation Instructions\n\nThe following configuration options that allow access to the Heartbeat\nfunction in the vulnerable versions of OpenSSL are not enabled by default. \nVerify that the following options are \"disabled\" using the Tape Library GUI:\n\nProduct Configuration Options to Disable TLS Heartbeat Functions\n\nSecure SMI-S\nCVTL User\n\nNote: Disabling these features blocks the vulnerable OpenSSL function in both\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\nDrives. The basic functionality of the library is not affected by these\nconfiguration changes and SSL access to the user interface is not affected by\nthis configuration change or setting. ============================================================================\nUbuntu Security Notice USN-2165-1\nApril 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network,\npossibly including private keys. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS\nheartbeat extension. (CVE-2014-0160)\n\nYuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled\ntiming during swap operations in the Montgomery ladder implementation. An\nattacker could use this issue to perform side-channel attacks and possibly\nrecover ECDSA nonces. (CVE-2014-0076)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.2\n\nUbuntu 12.10:\n  libssl1.0.0                     1.0.1c-3ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.12\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Since this issue may have resulted in compromised\nprivate keys, it is recommended to regenerate them. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n  Thanks for Neel Mehta of Google Security for discovering this bug and to\n  Adam Langley \u003cagl@chromium.org\u003e and Bodo Moeller \u003cbmoeller@acm.org\u003e for\n  preparing the fix. \n  Fix for the attack described in the paper \"Recovering OpenSSL\n  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\n  by Yuval Yarom and Naomi Benger. Details can be obtained from:\n  http://eprint.iacr.org/2014/140\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n5467a62ebfbe9a9bfff64dcc4cfcdf7d  openssl-1.0.1g-i486-1_slack14.0.txz\nbdadd9920f2ce6fe4a0a7bd0d96f99df  openssl-solibs-1.0.1g-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n11ede2992e2b5d15bd3ffc5807571350  openssl-1.0.1g-x86_64-1_slack14.0.txz\n858ea6409aab45a67a880458ce48f923  openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8638083d9768ffcc4b7c597806ca634c  openssl-1.0.1g-i486-1_slack14.1.txz\n4d9dfe9db9e1f286ead72fc60971807b  openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd85f8f451f71dd606f3adb59e582322a  openssl-1.0.1g-x86_64-1_slack14.1.txz\n43ff4bbfe26f99e7a3b9145146d191a0  openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n265a66855320207d4a7567ac5ae9a747  a/openssl-solibs-1.0.1g-i486-1.txz\nbf07a4b17f1c78a4081e2cfb711b8748  n/openssl-1.0.1g-i486-1.txz\n\nSlackware x86_64 -current packages:\n27e5135d764bd87bdb784b288e416b22  a/openssl-solibs-1.0.1g-x86_64-1.txz\n5ef747eed99ac34102b34d8d0eaed3a8  n/openssl-1.0.1g-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nIf bulk software or firmware updates are required, use an unaffected or\npatched version of HP Smart Update Manager (HP SUM) to do single or batch\nupdates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rhevm-spice-client security update\nAdvisory ID:       RHSA-2014:0416-01\nProduct:           Red Hat Enterprise Virtualization\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0416.html\nIssue date:        2014-04-17\nCVE Names:         CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 \n                   CVE-2014-0160 \n=====================================================================\n\n1. Summary:\n\nUpdated rhevm-spice-client packages that fix multiple security issues are\nnow available for Red Hat Enterprise Virtualization Manager 3. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.3 - noarch\n\n3. Description:\n\nRed Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems. \n\nThe rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE\nclient. OpenSSL, a general purpose cryptography library with a TLS\nimplementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer\npackage has been updated to correct the following issues:\n\nAn information disclosure flaw was found in the way OpenSSL handled TLS and\nDTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server\ncould send a specially crafted TLS or DTLS Heartbeat packet to disclose a\nlimited portion of memory per request from a connected client or server. (CVE-2014-0160)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the way OpenSSL handled\nTLS/SSL protocol handshake packets. A specially crafted handshake packet\ncould cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text. \n(CVE-2012-4929)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter. \n\nThe updated mingw-virt-viewer Windows SPICE client further includes OpenSSL\nsecurity fixes that have no security impact on mingw-virt-viewer itself. \nThe security fixes included in this update address the following CVE\nnumbers:\n\nCVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which address these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets\n1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets\n\n6. Package List:\n\nRHEV-M 3.3:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm\n\nnoarch:\nrhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm\nrhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-4929.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0169.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4353.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0160.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n\nThe HP SIM software itself is not vulnerable to CVE-2014-0160 (\"Heartbleed\"). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04239372\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04239372\nVersion: 4\n\nHPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on\nLinux and Windows, Remote Disclosure of Information, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-13\nLast Updated: 2014-05-13\n\nPotential Security Impact: Remote disclosure of information, Denial of\nService (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\nCVE-2014-0160 (SSRT101501) Disclosure of Information - \"Heartbleed\"\nCVE-2013-4353 Denial of Service (DoS)\nCVE-2013-6449 Denial of Service (DoS)\nCVE-2013-6450 Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\nv7.3.1 for Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4353    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6449    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2013-6450    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH):\n\nProduct version/Platform\n Download Location\n\nSMH 7.2.3 Windows x86\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n\nSMH 7.2.3 Windows x64\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n\nSMH 7.3.2.1(B) Windows x86\n http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a\n\nSMH 7.3.2.1(B) Windows x64\n http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76\n\nSMH 7.3.2 Linux x86\n http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178\n\nSMH 7.3.2 Linux x64\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n\nNotes\n\nSMH 7.2.3 recommended for customers running Windows 2003 OS\nUpdated OpenSSL to version 1.0.1g\n\nNote: If you believe your SMH installation was exploited while it was running\ncomponents vulnerable to heartbleed, there are some steps to perform after\nyouve upgraded to the non-vulnerable components. These steps include\nrevoking, recreating, and re-importing certificates and resetting passwords\nthat might have been harvested by a malicious attacker using the heartbleed\nvulnerability. \n\nImpact on VCA - VCRM communication: VCA configures VCRM by importing the SMH\ncertificate from the SMH of VCA into the SMH of VCRM. When this certificate\nis deleted \u0026 regenerated (as suggested before), it needs to be (re)imported\nif the user wants to continue with Trust by Certificate option, and the\noutdated certificate should be revoked (deleted) from each location where it\nwas previously imported. \nIf you use HPSIMs 2-way trust feature, and have imported SMH certificates\ninto HPSIM, you will also need to revoke those SMH certificated from HPSIM\nand reimport the newly created SMH certificates. \nThough SMH uses OS credentials using OS-based APIs, user provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. If you suspect your systems using SMH were exploited while they\nwere vulnerable to heartbleed, these passwords need to be reset. \n\nFrequently Asked Questions\n\nWill updated systems require a reboot after applying the SMH patch?\nNo, reboot of the system will not be required. Installing the new build is\nsufficient to get back to the normal state. \nIs a Firmware Update necessary in addition to the SMH patch?\nNo, only the SMH update is sufficient to remove the heartbleed-vulnerable\nversion of SMH. \nWill new certificates be issued along with the patch, or need to be handled\nseparately?\nIf you suspect the certificate has been compromised due to this\nvulnerability, we do recommend to delete and revoke the certificate, or SMH\nwill reuse the existing certificate. New certificate will be created when SMH\nservice starts (at the end of the fresh / upgrade installation). Instructions\non deleting the certificate are in the notes above. \nWhere can I get SMH documentation?\nAll major documents are available at:\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library\nSelect HP Insight Management under Product and Solutions \u0026 check HP System\nManagement Homepage to get SMH related documents. \n\nWhat are the recommended upgrade paths?\nSee the table below:\nSMH\n DVD\n SPP\n Recommended SMH update for Linux\n Recommended SMH update for Windows 2003 and Widows 2003 R2\n Recommended SMH update for other Windows OS versions\n\nv7.1.2\n v7.1.2\n 2012.10.0\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.0\n v7.2.0\n 2013.02.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.1\n v7.2u1\n\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.2.2\n v7.2u2\n 2013.09.0(B)\n v7.3.2\n v7.2.3\n v7.3.2\n\nv7.3.0\n v7.3.0\n\n v7.3.2\n not supported\n v7.3.2\n\nv7.3.1\n v7.3.1\n 2014.02.0\n v7.3.2\n not supported\n v7.3.2\n\nHow can I verify whether my setup is patched successfully?\nSMH version can be verified by executing following command on:\nWindows: hp\\hpsmh\\bin\\smhlogreader version\nLinux: /opt/hp/hpsmh/bin/smhlogreader version\nWill VCA-VCRM communication be impacted due to the SMH certificate being\ndeleted?\nVCA configures VCRM by importing the SMH certificate (sslshare\\cert.pem) from\nthe SMH of VCA to the SMH of VCRM. When this certificate is deleted \u0026\nregenerated (as suggested before), it needs to be (re)imported if user wants\nto continue with Trust by Certificate option, and remove the old, previously\nimported certificate. \nShould I reset password on all managed nodes, where SMH was/is running?\nThough SMH uses OS credentials using OS based APIs, user-provided credentials\nare passed from the client (browser) to the server (SMH) using the HTTPS\nprotocol. Passwords need to be reset if you suspect the vulnerable version of\nSMH was exploited by malicious users/ hackers. \n\nHISTORY\nVersion:1 (rev.1) - 13 April 2014 Initial release\nVersion:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released\nVersion:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released\nVersion:4 (rev.4) - 13 May 2014 Added additional remediation steps for post\nupdate installation\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd\nfm4AoKM1d7+F05Xo87Bicnmh0OHidg/O\n=bK11\n-----END PGP SIGNATURE-----\n. This bulletin will give you the information needed to\nupdate your HP Insight Control server deployment solution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\n\nReferences: CVE-2014-0160 (SSRT101538)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP is actively working to address this vulnerability for the impacted\nversions of HP Insight Control server deployment. This bulletin may be\nrevised. It is recommended that customers take the following approaches\ndepending on the version of HP Insight Control server deployment:\n\nTo address the vulnerability in an initial installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1\nthrough Step 3 of the following procedure, before initiating an operating\nsystem deployment. \n\nTo address the vulnerability in a previous installation of HP Insight Control\nserver deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the\nfollowing procedure. \n\nDelete the smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location listed\nin the following table, row 1,2,3,4. \nDelete the affected hpsmh-7.*.rpm\" from Component Copy Location listed in the\nfollowing table, row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nsuggested in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52\n smhx86-cp023242.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n2\n http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37\n smhamd64-cp023243.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n3\n http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0\n smhamd64-cp023240.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0\n smhx86-cp023239.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nTable 1\n\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          },
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          }
        ],
        "trust": 3.51
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/720951",
            "trust": 0.8,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
            "trust": 0.4,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160",
            "trust": 3.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "32745",
            "trust": 1.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#720951",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "57721",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59243",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57836",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57968",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59347",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57966",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57483",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57347",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59139",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030079",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030074",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030081",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030080",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030026",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030077",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030082",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1030078",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "66690",
            "trust": 1.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "32764",
            "trust": 1.1
          },
          {
            "db": "USCERT",
            "id": "TA14-098A",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-635659",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "64074",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "65604",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-14-135-02",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126605",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126954",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126361",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126197",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126417",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126305",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126644",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126164",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126086",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126045",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "127279",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "127085",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126784",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "id": "VAR-201404-0592",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6038711649999999
      },
      "last_update_date": "2026-04-10T23:34:59.841000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
          },
          {
            "title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
          },
          {
            "title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2165-1"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2014-0160 "
          },
          {
            "title": "exploits",
            "trust": 0.1,
            "url": "https://github.com/vs4vijay/exploits "
          },
          {
            "title": "VULNIX",
            "trust": 0.1,
            "url": "https://github.com/El-Palomo/VULNIX "
          },
          {
            "title": "openssl-heartbleed-fix",
            "trust": 0.1,
            "url": "https://github.com/sammyfung/openssl-heartbleed-fix "
          },
          {
            "title": "cve-2014-0160",
            "trust": 0.1,
            "url": "https://github.com/cved-sources/cve-2014-0160 "
          },
          {
            "title": "heartbleed_check",
            "trust": 0.1,
            "url": "https://github.com/ehoffmann-cp/heartbleed_check "
          },
          {
            "title": "heartbleed",
            "trust": 0.1,
            "url": "https://github.com/okrutnik420/heartbleed "
          },
          {
            "title": "heartbleed-test.crx",
            "trust": 0.1,
            "url": "https://github.com/iwaffles/heartbleed-test.crx "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/te "
          },
          {
            "title": "AradSocket",
            "trust": 0.1,
            "url": "https://github.com/araditc/AradSocket "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/kaisenlinux/sslscan "
          },
          {
            "title": "Springboard_Capstone_Project",
            "trust": 0.1,
            "url": "https://github.com/jonahwinninghoff/Springboard_Capstone_Project "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/MrE-Fog/heartbleeder "
          },
          {
            "title": "buffer_overflow_exploit",
            "trust": 0.1,
            "url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening "
          },
          {
            "title": "insecure_project",
            "trust": 0.1,
            "url": "https://github.com/turtlesec-no/insecure_project "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/ssl "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/H4R335HR/heartbleed "
          },
          {
            "title": "nmap-scripts",
            "trust": 0.1,
            "url": "https://github.com/takeshixx/nmap-scripts "
          },
          {
            "title": "knockbleed",
            "trust": 0.1,
            "url": "https://github.com/siddolo/knockbleed "
          },
          {
            "title": "heartbleed-masstest",
            "trust": 0.1,
            "url": "https://github.com/musalbas/heartbleed-masstest "
          },
          {
            "title": "HeartBleedDotNet",
            "trust": 0.1,
            "url": "https://github.com/ShawInnes/HeartBleedDotNet "
          },
          {
            "title": "heartbleed_test_openvpn",
            "trust": 0.1,
            "url": "https://github.com/weisslj/heartbleed_test_openvpn "
          },
          {
            "title": "paraffin",
            "trust": 0.1,
            "url": "https://github.com/vmeurisse/paraffin "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/rbsec/sslscan "
          },
          {
            "title": "Heartbleed_Dockerfile_with_Nginx",
            "trust": 0.1,
            "url": "https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx "
          },
          {
            "title": "heartbleed-bug",
            "trust": 0.1,
            "url": "https://github.com/cldme/heartbleed-bug "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/H4CK3RT3CH/awesome-web-hacking "
          },
          {
            "title": "Web-Hacking",
            "trust": 0.1,
            "url": "https://github.com/adm0i/Web-Hacking "
          },
          {
            "title": "cybersecurity-ethical-hacking",
            "trust": 0.1,
            "url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
          },
          {
            "title": "Lastest-Web-Hacking-Tools-vol-I",
            "trust": 0.1,
            "url": "https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I "
          },
          {
            "title": "HTBValentineWriteup",
            "trust": 0.1,
            "url": "https://github.com/zimmel15/HTBValentineWriteup "
          },
          {
            "title": "heartbleed-poc",
            "trust": 0.1,
            "url": "https://github.com/sensepost/heartbleed-poc "
          },
          {
            "title": "CVE-2014-0160",
            "trust": 0.1,
            "url": "https://github.com/0x90/CVE-2014-0160 "
          },
          {
            "title": "Certified-Ethical-Hacker-Exam-CEH-v10",
            "trust": 0.1,
            "url": "https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10 "
          },
          {
            "title": "cs558heartbleed",
            "trust": 0.1,
            "url": "https://github.com/gkaptch1/cs558heartbleed "
          },
          {
            "title": "HeartBleed",
            "trust": 0.1,
            "url": "https://github.com/archaic-magnon/HeartBleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/undacmic/heartbleed-proof-of-concept "
          },
          {
            "title": "openvpn-jookk",
            "trust": 0.1,
            "url": "https://github.com/Jeypi04/openvpn-jookk "
          },
          {
            "title": "Heartbleed",
            "trust": 0.1,
            "url": "https://github.com/Saiprasad16/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/KickFootCode/LoveYouALL "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/imesecan/LeakReducer-artifacts "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/TVernet/Kali-Tools-liste-et-description "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/k4u5h41/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ronaldogdm/Heartbleed "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/rochacbruno/my-awesome-stars "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/asadhasan73/temp_comp_sec "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Aakaashzz/Heartbleed "
          },
          {
            "title": "tls-channel",
            "trust": 0.1,
            "url": "https://github.com/marianobarrios/tls-channel "
          },
          {
            "title": "fuzzx_cpp_demo",
            "trust": 0.1,
            "url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Ppamo/recon_net_tools "
          },
          {
            "title": "heatbleeding",
            "trust": 0.1,
            "url": "https://github.com/idkqh7/heatbleeding "
          },
          {
            "title": "HeartBleed-Vulnerability-Checker",
            "trust": 0.1,
            "url": "https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker "
          },
          {
            "title": "heartbleed",
            "trust": 0.1,
            "url": "https://github.com/iSCInc/heartbleed "
          },
          {
            "title": "heartbleed-dtls",
            "trust": 0.1,
            "url": "https://github.com/hreese/heartbleed-dtls "
          },
          {
            "title": "heartbleedchecker",
            "trust": 0.1,
            "url": "https://github.com/roganartu/heartbleedchecker "
          },
          {
            "title": "nmap-heartbleed",
            "trust": 0.1,
            "url": "https://github.com/azet/nmap-heartbleed "
          },
          {
            "title": "sslscan",
            "trust": 0.1,
            "url": "https://github.com/delishen/sslscan "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/hr-beast/web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Miss-Brain/Web-Application-Security "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/Hemanthraju02/web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/QWERTSKIHACK/awesome-web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/himera25/web-hacking-list "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/dorota-fiit/bp-Heartbleed-defense-game "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Maheshmaske111/sslscan "
          },
          {
            "title": "Heart-bleed",
            "trust": 0.1,
            "url": "https://github.com/anonymouse327311/Heart-bleed "
          },
          {
            "title": "goScan",
            "trust": 0.1,
            "url": "https://github.com/stackviolator/goScan "
          },
          {
            "title": "sec-tool-list",
            "trust": 0.1,
            "url": "https://github.com/alphaSeclab/sec-tool-list "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/utensil/awesome-stars-test "
          },
          {
            "title": "insecure-cplusplus-dojo",
            "trust": 0.1,
            "url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/jubalh/awesome-package-maintainer "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Elnatty/tryhackme_labs "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/hzuiw33/OpenSSL "
          },
          {
            "title": "makeItBleed",
            "trust": 0.1,
            "url": "https://github.com/mcampa/makeItBleed "
          },
          {
            "title": "CVE-2014-0160-Chrome-Plugin",
            "trust": 0.1,
            "url": "https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin "
          },
          {
            "title": "heartbleedfixer.com",
            "trust": 0.1,
            "url": "https://github.com/reenhanced/heartbleedfixer.com "
          },
          {
            "title": "CVE-2014-0160-Scanner",
            "trust": 0.1,
            "url": "https://github.com/obayesshelton/CVE-2014-0160-Scanner "
          },
          {
            "title": "openmagic",
            "trust": 0.1,
            "url": "https://github.com/isgroup-srl/openmagic "
          },
          {
            "title": "heartbleeder",
            "trust": 0.1,
            "url": "https://github.com/titanous/heartbleeder "
          },
          {
            "title": "cardiac-arrest",
            "trust": 0.1,
            "url": "https://github.com/ah8r/cardiac-arrest "
          },
          {
            "title": "heartbleed_openvpn_poc",
            "trust": 0.1,
            "url": "https://github.com/tam7t/heartbleed_openvpn_poc "
          },
          {
            "title": "docker-wheezy-with-heartbleed",
            "trust": 0.1,
            "url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
          },
          {
            "title": "docker-testssl",
            "trust": 0.1,
            "url": "https://github.com/mbentley/docker-testssl "
          },
          {
            "title": "heartbleedscanner",
            "trust": 0.1,
            "url": "https://github.com/hybridus/heartbleedscanner "
          },
          {
            "title": "HeartLeak",
            "trust": 0.1,
            "url": "https://github.com/OffensivePython/HeartLeak "
          },
          {
            "title": "HBL",
            "trust": 0.1,
            "url": "https://github.com/ssc-oscar/HBL "
          },
          {
            "title": "awesome-stars",
            "trust": 0.1,
            "url": "https://github.com/utensil/awesome-stars "
          },
          {
            "title": "SecurityTesting_web-hacking",
            "trust": 0.1,
            "url": "https://github.com/mostakimur/SecurityTesting_web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/winterwolf32/awesome-web-hacking "
          },
          {
            "title": "awesome-web-hacking-1",
            "trust": 0.1,
            "url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Mehedi-Babu/ethical_hacking_cyber "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/thanshurc/awesome-web-hacking "
          },
          {
            "title": "hack",
            "trust": 0.1,
            "url": "https://github.com/nvnpsplt/hack "
          },
          {
            "title": "awesome-web-hacking",
            "trust": 0.1,
            "url": "https://github.com/noname1007/awesome-web-hacking "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/ImranTheThirdEye/awesome-web-hacking "
          },
          {
            "title": "web-hacking",
            "trust": 0.1,
            "url": "https://github.com/Ondrik8/web-hacking "
          },
          {
            "title": "CheckSSL-ciphersuite",
            "trust": 0.1,
            "url": "https://github.com/kal1gh0st/CheckSSL-ciphersuite "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/undacmic/HeartBleed-Demo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/MrE-Fog/ssl-heartbleed.nse "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.7,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
          },
          {
            "trust": 1.9,
            "url": "http://heartbleed.com/"
          },
          {
            "trust": 1.9,
            "url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
          },
          {
            "trust": 1.9,
            "url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
          },
          {
            "trust": 1.9,
            "url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
          },
          {
            "trust": 1.9,
            "url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
          },
          {
            "trust": 1.9,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
          },
          {
            "trust": 1.9,
            "url": "http://www.debian.org/security/2014/dsa-2896"
          },
          {
            "trust": 1.9,
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "trust": 1.7,
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
          },
          {
            "trust": 1.2,
            "url": "http://www.ubuntu.com/usn/usn-2165-1"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
          },
          {
            "trust": 1.1,
            "url": "http://www.openssl.org/news/secadv_20140407.txt"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030078"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/109"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/190"
          },
          {
            "trust": 1.1,
            "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030082"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57347"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030077"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030080"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030074"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/90"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030081"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/91"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57483"
          },
          {
            "trust": 1.1,
            "url": "http://www.splunk.com/view/sp-caaamb3"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030079"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57721"
          },
          {
            "trust": 1.1,
            "url": "http://www.blackberry.com/btsc/kb35882"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1030026"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/66690"
          },
          {
            "trust": 1.1,
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "trust": 1.1,
            "url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
          },
          {
            "trust": 1.1,
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57966"
          },
          {
            "trust": 1.1,
            "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/apr/173"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/32745"
          },
          {
            "trust": 1.1,
            "url": "http://www.kb.cert.org/vuls/id/720951"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/32764"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "trust": 1.1,
            "url": "https://gist.github.com/chapmajs/10473815"
          },
          {
            "trust": 1.1,
            "url": "http://cogentdatahub.com/releasenotes.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
          },
          {
            "trust": 1.1,
            "url": "http://www.kerio.com/support/kerio-control/release-history"
          },
          {
            "trust": 1.1,
            "url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
          },
          {
            "trust": 1.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0165.html"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
          },
          {
            "trust": 1.1,
            "url": "https://filezilla-project.org/versions.php?type=server"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/dec/23"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
          },
          {
            "trust": 1.1,
            "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59347"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59243"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59139"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
          },
          {
            "trust": 1.1,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
          },
          {
            "trust": 1.1,
            "url": "http://support.citrix.com/article/ctx140605"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
          },
          {
            "trust": 1.1,
            "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
          },
          {
            "trust": 1.1,
            "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 1.1,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160"
          },
          {
            "trust": 0.8,
            "url": "http://seclists.org/oss-sec/2014/q2/22"
          },
          {
            "trust": 0.8,
            "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc6520"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/openssl-1.0.1-notes.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-"
          },
          {
            "trust": 0.8,
            "url": "http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html"
          },
          {
            "trust": 0.8,
            "url": "http://xkcd.com/1354/"
          },
          {
            "trust": 0.8,
            "url": "http://www.exploit-db.com/exploits/32745/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2014-0160 "
          },
          {
            "trust": 0.8,
            "url": "http://www.ubuntu.com/usn/usn-2165-1/"
          },
          {
            "trust": 0.8,
            "url": "http://www.freshports.org/security/openssl/"
          },
          {
            "trust": 0.8,
            "url": "http://kb.bluecoat.com/index?page=content\u0026id=sa79"
          },
          {
            "trust": 0.8,
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid="
          },
          {
            "trust": 0.8,
            "url": "http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/advisory/fg-ir-14-011/"
          },
          {
            "trust": 0.8,
            "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc"
          },
          {
            "trust": 0.8,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml"
          },
          {
            "trust": 0.8,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375"
          },
          {
            "trust": 0.8,
            "url": "http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?\u0026uid=swg21669774"
          },
          {
            "trust": 0.8,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037\u0026languageid=en-fr"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10623"
          },
          {
            "trust": 0.8,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html"
          },
          {
            "trust": 0.8,
            "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.533622"
          },
          {
            "trust": 0.8,
            "url": "http://kb.vmware.com/kb/2076225"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/threads/3062-special-notice-on-openssl-heartbleed-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk100173"
          },
          {
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/av14-001.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html"
          },
          {
            "trust": 0.3,
            "url": "rubygems.org/gems/actionpack"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483"
          },
          {
            "trust": 0.3,
            "url": "http://puppetlabs.com/security/cve/cve-2013-6414"
          },
          {
            "trust": 0.3,
            "url": "http://rubygems.org/"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0008.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2013-1794.html"
          },
          {
            "trust": 0.3,
            "url": "http://puppetlabs.com/security/cve/cve-2014-0082"
          },
          {
            "trust": 0.3,
            "url": "http://weblog.rubyonrails.org/2014/2/18/rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"
          },
          {
            "trust": 0.3,
            "url": "http://rubyonrails.org/"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0306.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0215.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4353"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37"
          },
          {
            "trust": 0.2,
            "url": "http://support.openview.hp.com/downloads.jsp"
          },
          {
            "trust": 0.2,
            "url": "http://www8.h"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/fulldisclosure/2019/jan/42"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/./dsa-2896"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2165-1/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450"
          },
          {
            "trust": 0.1,
            "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/insightupdates"
          },
          {
            "trust": 0.1,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0160.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4353.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0416.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-4929.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-41199f68c1144acb84a5798bf0"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-2e19c856f0e84e20a14c63ecd0"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00092"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00051"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00299"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00074"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03305"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03329"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/pc_00296"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03307"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00052"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03315"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03306"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lranlsys_00075"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03328"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03332"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lrvug_00094"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03316"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03304"
          },
          {
            "trust": 0.1,
            "url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03333"
          },
          {
            "trust": 0.1,
            "url": "http://h18013.www1.hp.com/products/servers/management/agents/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://eprint.iacr.org/2014/140"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/support/eslg3"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-9c71e9ff82af4d1fbdea666d97"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-ade2403c9999459aa758e16d46"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-16533b4917c84c8c81b703f354"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/swpublishing/mtx-06eee9db0f4a40d98d8cb32421"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160"
          },
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          },
          {
            "db": "PACKETSTORM",
            "id": "126605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126954"
          },
          {
            "db": "PACKETSTORM",
            "id": "126284"
          },
          {
            "db": "PACKETSTORM",
            "id": "126361"
          },
          {
            "db": "PACKETSTORM",
            "id": "126197"
          },
          {
            "db": "PACKETSTORM",
            "id": "126417"
          },
          {
            "db": "PACKETSTORM",
            "id": "126305"
          },
          {
            "db": "PACKETSTORM",
            "id": "126644"
          },
          {
            "db": "PACKETSTORM",
            "id": "126164"
          },
          {
            "db": "PACKETSTORM",
            "id": "126086"
          },
          {
            "db": "PACKETSTORM",
            "id": "126045"
          },
          {
            "db": "PACKETSTORM",
            "id": "127279"
          },
          {
            "db": "PACKETSTORM",
            "id": "127085"
          },
          {
            "db": "PACKETSTORM",
            "id": "126784"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126605",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126954",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126284",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126361",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126197",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126417",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126644",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126164",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126086",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126045",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127279",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127085",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126784",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "date": "2014-04-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "date": "2013-12-02T00:00:00",
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "date": "2014-02-18T00:00:00",
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "date": "2014-05-13T18:24:00",
            "db": "PACKETSTORM",
            "id": "126605",
            "ident": null
          },
          {
            "date": "2014-06-05T21:02:31",
            "db": "PACKETSTORM",
            "id": "126954",
            "ident": null
          },
          {
            "date": "2014-04-23T21:25:00",
            "db": "PACKETSTORM",
            "id": "126284",
            "ident": null
          },
          {
            "date": "2014-04-28T20:36:00",
            "db": "PACKETSTORM",
            "id": "126361",
            "ident": null
          },
          {
            "date": "2014-04-17T22:02:09",
            "db": "PACKETSTORM",
            "id": "126197",
            "ident": null
          },
          {
            "date": "2014-05-01T02:16:33",
            "db": "PACKETSTORM",
            "id": "126417",
            "ident": null
          },
          {
            "date": "2014-04-24T22:21:23",
            "db": "PACKETSTORM",
            "id": "126305",
            "ident": null
          },
          {
            "date": "2014-05-16T04:40:57",
            "db": "PACKETSTORM",
            "id": "126644",
            "ident": null
          },
          {
            "date": "2014-04-15T23:01:44",
            "db": "PACKETSTORM",
            "id": "126164",
            "ident": null
          },
          {
            "date": "2014-04-09T22:48:55",
            "db": "PACKETSTORM",
            "id": "126086",
            "ident": null
          },
          {
            "date": "2014-04-07T22:44:13",
            "db": "PACKETSTORM",
            "id": "126045",
            "ident": null
          },
          {
            "date": "2014-06-30T23:47:20",
            "db": "PACKETSTORM",
            "id": "127279",
            "ident": null
          },
          {
            "date": "2014-06-13T13:31:03",
            "db": "PACKETSTORM",
            "id": "127085",
            "ident": null
          },
          {
            "date": "2014-05-23T13:13:00",
            "db": "PACKETSTORM",
            "id": "126784",
            "ident": null
          },
          {
            "date": "2014-04-07T22:55:03.893000",
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-05-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#720951",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0160",
            "ident": null
          },
          {
            "date": "2015-04-13T21:20:00",
            "db": "BID",
            "id": "64074",
            "ident": null
          },
          {
            "date": "2015-04-13T21:44:00",
            "db": "BID",
            "id": "65604",
            "ident": null
          },
          {
            "date": "2025-10-22T01:15:53.233000",
            "db": "NVD",
            "id": "CVE-2014-0160",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "64074"
          },
          {
            "db": "BID",
            "id": "65604"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "OpenSSL TLS heartbeat extension read overflow discloses sensitive information",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#720951"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "64074"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200510-0403

    Vulnerability from variot - Updated: 2026-04-10 22:16

    Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service.

    TITLE: Mandriva update for ruby

    SECUNIA ADVISORY ID: SA17285

    VERIFY ADVISORY: http://secunia.com/advisories/17285/

    CRITICAL: Moderately critical

    IMPACT: Security Bypass

    WHERE:

    From remote

    OPERATING SYSTEM: Mandrake Corporate Server 2.x http://secunia.com/product/1222/ Mandrakelinux 10.1 http://secunia.com/product/4198/

    DESCRIPTION: Mandriva has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

    For more information: SA16904

    SOLUTION: Apply updated packages.

    Mandrakelinux 10.1:

    013e98f0b0a09acd8c48b5d438c4e151 10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm 479e965b6302bd0e74b8699f0a7b9f46 10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm b5654a6d4bab0b5a33e3e65fdb8bab52 10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm 2294bfd6f57ebc2cc6eb353e4a62a4b5 10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm 5407dfbbb45af31d3ffa53f120773f77 10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

    Mandrakelinux 10.1/X86_64:

    b8347f871a62a176f049cbe010e298ce x86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm b9ac7ecba0bc317869795146cf3cc5a4 x86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm 7803195d658cdf63324f8bf54753018e x86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm 0f6cb61b12453673ef4a7fb99b6069af x86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm 5407dfbbb45af31d3ffa53f120773f77 x86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm

    Corporate Server 2.1:

    2aa9219b24bbcf8673df418eb373881b corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm e5b4282401bf2c0794d14b52d7c6c319 corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm e72d411868d4ca8d7a05ba2e0baee926 corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm c795d629e28719f7fe1e8a1619805fdc corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm 61457cb16d1b24e1c31a10c687af94ef corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

    Corporate Server 2.1/X86_64:

    d477751b1302ec7c5f271fe9597216fa x86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm b7ac888d722dc6fb8c5b9b9207e34ea3 x86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm 27a29077b76158382c514b965fdf614f x86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm 0e4752d11d67acdabc4561c37c41511e x86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm 61457cb16d1b24e1c31a10c687af94ef x86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm

    ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2005:191

    OTHER REFERENCES: SA16904: http://secunia.com/advisories/16904/


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "quicktime",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "quicktime",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apple",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": "quicktime",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apple",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.5.2"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.5.1"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6"
          },
          {
            "_id": null,
            "model": "quicktime player",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.1"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705"
          },
          {
            "db": "BID",
            "id": "17953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apple:quicktime",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Mike PriceATmaCA  atmaca@atmacasoft.com http://www.zerodayinitiative.com/ Sowhat  smaillist@gmail.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-1458",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CVE-2006-1458",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "VHN-17566",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-1458",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#160012",
                "trust": 0.8,
                "value": "2.57"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#289705",
                "trust": 0.8,
                "value": "17.71"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-1458",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200510-060",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-17566",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705"
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. Apple QuickTime fails to properly handle JPEG images. Apple Quicktime Has multiple vulnerabilities. For more information, see the information provided by the vendor. These issues affect both Mac OS X and Microsoft Windows releases of the software. \nSuccessful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. CVE-2006-1461 An attacker can create a specially crafted Flash movie to trigger a buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1462, CVE-2006-1463 An attacker can create a specially crafted H.264 movie to trigger integer overflow or buffer overflow, resulting in arbitrary command execution with user privileges or denial of service. CVE-2006-1464 An attacker can create a specially crafted MPEG4 movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1465 An attacker can create a specially crafted AVI movie to trigger a buffer overflow, resulting in arbitrary command execution or denial of service with user privileges. CVE-2006-1453, CVE-2006-1454 QuickDraw has two vulnerabilities when processing malformed PICT files. Malformed font information may cause stack overflow, and malformed graphics data may cause heap overflow. An attacker can create specially crafted PICT graphics. CVE-2006-2238 An attacker can create a specially crafted BMP graphic to trigger a buffer overflow, causing arbitrary commands to be executed with user privileges or denial of service. \n\nTITLE:\nMandriva update for ruby\n\nSECUNIA ADVISORY ID:\nSA17285\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17285/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMandrake Corporate Server 2.x\nhttp://secunia.com/product/1222/\nMandrakelinux 10.1\nhttp://secunia.com/product/4198/\n\nDESCRIPTION:\nMandriva has issued an update for ruby. This fixes a vulnerability,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. \n\nFor more information:\nSA16904\n\nSOLUTION:\nApply updated packages. \n\nMandrakelinux 10.1:\n\n013e98f0b0a09acd8c48b5d438c4e151\n10.1/RPMS/ruby-1.8.1-4.4.101mdk.i586.rpm\n479e965b6302bd0e74b8699f0a7b9f46\n10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.i586.rpm\nb5654a6d4bab0b5a33e3e65fdb8bab52\n10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.i586.rpm\n2294bfd6f57ebc2cc6eb353e4a62a4b5\n10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.i586.rpm\n5407dfbbb45af31d3ffa53f120773f77\n10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm\n\nMandrakelinux 10.1/X86_64:\n\nb8347f871a62a176f049cbe010e298ce\nx86_64/10.1/RPMS/ruby-1.8.1-4.4.101mdk.x86_64.rpm\nb9ac7ecba0bc317869795146cf3cc5a4\nx86_64/10.1/RPMS/ruby-devel-1.8.1-4.4.101mdk.x86_64.rpm\n7803195d658cdf63324f8bf54753018e\nx86_64/10.1/RPMS/ruby-doc-1.8.1-4.4.101mdk.x86_64.rpm\n0f6cb61b12453673ef4a7fb99b6069af\nx86_64/10.1/RPMS/ruby-tk-1.8.1-4.4.101mdk.x86_64.rpm\n5407dfbbb45af31d3ffa53f120773f77\nx86_64/10.1/SRPMS/ruby-1.8.1-4.4.101mdk.src.rpm\n\nCorporate Server 2.1:\n\n2aa9219b24bbcf8673df418eb373881b\ncorporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.i586.rpm\ne5b4282401bf2c0794d14b52d7c6c319\ncorporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.i586.rpm\ne72d411868d4ca8d7a05ba2e0baee926\ncorporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.i586.rpm\nc795d629e28719f7fe1e8a1619805fdc\ncorporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.i586.rpm\n61457cb16d1b24e1c31a10c687af94ef\ncorporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm\n\nCorporate Server 2.1/X86_64:\n\nd477751b1302ec7c5f271fe9597216fa\nx86_64/corporate/2.1/RPMS/ruby-1.6.7-5.3.C21mdk.x86_64.rpm\nb7ac888d722dc6fb8c5b9b9207e34ea3\nx86_64/corporate/2.1/RPMS/ruby-devel-1.6.7-5.3.C21mdk.x86_64.rpm\n27a29077b76158382c514b965fdf614f\nx86_64/corporate/2.1/RPMS/ruby-doc-1.6.7-5.3.C21mdk.x86_64.rpm\n0e4752d11d67acdabc4561c37c41511e\nx86_64/corporate/2.1/RPMS/ruby-tk-1.6.7-5.3.C21mdk.x86_64.rpm\n61457cb16d1b24e1c31a10c687af94ef\nx86_64/corporate/2.1/SRPMS/ruby-1.6.7-5.3.C21mdk.src.rpm\n\nORIGINAL ADVISORY:\nhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:191\n\nOTHER REFERENCES:\nSA16904:\nhttp://secunia.com/advisories/16904/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          },
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          },
          {
            "db": "BID",
            "id": "17953"
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          },
          {
            "db": "PACKETSTORM",
            "id": "40845"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-1458",
            "trust": 2.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "17953",
            "trust": 2.2
          },
          {
            "db": "SECUNIA",
            "id": "20069",
            "trust": 1.9
          },
          {
            "db": "USCERT",
            "id": "TA06-132B",
            "trust": 1.9
          },
          {
            "db": "SECTRACK",
            "id": "1016067",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "16904",
            "trust": 1.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#160012",
            "trust": 1.4
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-1778",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "26391",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "17285",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "17094",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "17147",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "17129",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "20077",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "17098",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "19130",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-860",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-862",
            "trust": 0.6
          },
          {
            "db": "DEBIAN",
            "id": "DSA-864",
            "trust": 0.6
          },
          {
            "db": "APPLE",
            "id": "APPLE-SA-2006-05-11",
            "trust": 0.6
          },
          {
            "db": "SECTRACK",
            "id": "1014948",
            "trust": 0.6
          },
          {
            "db": "SUSE",
            "id": "SUSE-SR:2006:005",
            "trust": 0.6
          },
          {
            "db": "USCERT",
            "id": "TA06-132A",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "17951",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "14909",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "22360",
            "trust": 0.6
          },
          {
            "db": "GENTOO",
            "id": "GLSA-200510-05",
            "trust": 0.6
          },
          {
            "db": "SREASON",
            "id": "59",
            "trust": 0.6
          },
          {
            "db": "CERT/CC",
            "id": "TA06-132A",
            "trust": 0.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-1779",
            "trust": 0.6
          },
          {
            "db": "MANDRIVA",
            "id": "MDKSA-2005:191",
            "trust": 0.6
          },
          {
            "db": "UBUNTU",
            "id": "USN-195-1",
            "trust": 0.6
          },
          {
            "db": "REDHAT",
            "id": "RHSA-2005:799",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40845",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705"
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          },
          {
            "db": "BID",
            "id": "17953"
          },
          {
            "db": "PACKETSTORM",
            "id": "40845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          }
        ]
      },
      "id": "VAR-200510-0403",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:16:12.939000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "TA24130",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/TA24130"
          },
          {
            "title": "TA24130",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/TA24130?viewlocale=ja_JP"
          },
          {
            "title": "TA06-132B",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta06-132b.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-189",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/17953"
          },
          {
            "trust": 1.9,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-132b.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.kb.cert.org/vuls/id/289705"
          },
          {
            "trust": 1.9,
            "url": "http://securitytracker.com/id?1016067"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/20069"
          },
          {
            "trust": 1.4,
            "url": "http://www.ruby-lang.org/en/20051003.html"
          },
          {
            "trust": 1.4,
            "url": "http://jvn.jp/jp/jvn%2362914675/index.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.apple.com/archives/security-announce/2006/may/msg00002.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/1778"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26391"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/16904/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rubycentral.com/book/taint.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.apple.com/support/downloads/quicktime71.html "
          },
          {
            "trust": 0.8,
            "url": "http://docs.info.apple.com/article.html?artnum=303752 "
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1458"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/1778"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/26391"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-132b/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-1458"
          },
          {
            "trust": 0.7,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2005:191"
          },
          {
            "trust": 0.6,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-132a.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/160012"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/16904"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/22360"
          },
          {
            "trust": 0.6,
            "url": "http://www.ubuntu.com/usn/usn-195-1"
          },
          {
            "trust": 0.6,
            "url": "http://www.securitytracker.com/alerts/2005/sep/1014948.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/17951"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/14909"
          },
          {
            "trust": 0.6,
            "url": "http://www.redhat.com/support/errata/rhsa-2005-799.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/1779"
          },
          {
            "trust": 0.6,
            "url": "http://www.debian.org/security/2005/dsa-864"
          },
          {
            "trust": 0.6,
            "url": "http://www.debian.org/security/2005/dsa-862"
          },
          {
            "trust": 0.6,
            "url": "http://www.debian.org/security/2005/dsa-860"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/20077"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/19130"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/17285"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/17147"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/17129"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/17098"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/17094"
          },
          {
            "trust": 0.6,
            "url": "http://lists.apple.com/archives/security-announce/2006/may/msg00003.html"
          },
          {
            "trust": 0.6,
            "url": "http://securityreason.com/securityalert/59"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=303752"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/quicktime/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/433850"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/433810"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/433828"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/4198/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/17285/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/1222/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705"
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566"
          },
          {
            "db": "BID",
            "id": "17953"
          },
          {
            "db": "PACKETSTORM",
            "id": "40845"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#160012",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#289705",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-17566",
            "ident": null
          },
          {
            "db": "BID",
            "id": "17953",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "40845",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000965",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-1458",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2005-10-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#160012",
            "ident": null
          },
          {
            "date": "2006-05-12T00:00:00",
            "db": "CERT/CC",
            "id": "VU#289705",
            "ident": null
          },
          {
            "date": "2006-05-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-17566",
            "ident": null
          },
          {
            "date": "2006-05-11T00:00:00",
            "db": "BID",
            "id": "17953",
            "ident": null
          },
          {
            "date": "2005-10-24T22:35:49",
            "db": "PACKETSTORM",
            "id": "40845",
            "ident": null
          },
          {
            "date": "2005-10-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200510-060",
            "ident": null
          },
          {
            "date": "2009-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000965",
            "ident": null
          },
          {
            "date": "2006-05-12T20:06:00",
            "db": "NVD",
            "id": "CVE-2006-1458",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2005-12-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#160012",
            "ident": null
          },
          {
            "date": "2006-05-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#289705",
            "ident": null
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-17566",
            "ident": null
          },
          {
            "date": "2006-05-15T22:29:00",
            "db": "BID",
            "id": "17953",
            "ident": null
          },
          {
            "date": "2007-01-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200510-060",
            "ident": null
          },
          {
            "date": "2009-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000965",
            "ident": null
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2006-1458",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Ruby safe-level security model bypass",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#160012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-060"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201112-0123

    Vulnerability from variot - Updated: 2026-04-10 21:53

    Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. Oracle GlassFish Server 3.1.1 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7

    Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available and addresses the following:

    Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507

    Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

    For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667

    For OS X Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16

    Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

    iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh 7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU= =Pf96 -----END PGP SIGNATURE----- .

    Release Date: 2012-03-26 Last Updated: 2012-04-02


    Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location

    http://www.hp.com/go/java

    HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent

    MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent

    END AFFECTED VERSIONS

    HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012

    openjdk-6b18 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS

    Summary:

    Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed.

    Software Description: - openjdk-6b18: Open Source Java implementation

    Details:

    USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)

    It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0507)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1

    Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1

    Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1

    After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0135.html Issue date: 2012-02-14 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 =====================================================================

    1. Summary:

    Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.

    The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

    1. Description:

    These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

    It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

    It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)

    The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)

    It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)

    The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)

    The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)

    A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)

    It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)

    An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)

    Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

    This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information.

    All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

    1. Solution:

    Before applying this update, make sure all previously-released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

    1. Bugs fixed (http://bugzilla.redhat.com/):

    788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 6):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm

    i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm

    x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFPOwEiXlSAg2UNWIIRAnYKAKCorWMpTAsiiuJ4uSywvmAym2EK0wCfa/8B lhqpUTdPMNmgswBpMj4pV/M= =9liL -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

    Fix in AtomicReferenceArray (CVE-2011-3571).

    Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500).

    Issues with some KeyboardFocusManager method (CVE-2012-0502).

    Issues with TimeZone class (CVE-2012-0503).

    Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505).

    Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

    iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9 NSDNWCT+JqEyYHUExPAwR58= =cwgS -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30


                                            http://security.gentoo.org/
    

    Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30


    Synopsis

    Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.

    Background

    The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages

    Description

    Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.

    Impact

    An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Oracle JDK 1.7 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"

    All Oracle JRE 1.7 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"

    All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:

    # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"

    All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea.

    NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.

    References

    [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201401-30.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "oracle",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "oracle",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "oracle",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "communications server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "10.3.4"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "9.2.4"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "10.0.2"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 14",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 20",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 18",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 03",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 17",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.7.0 2",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.7.0 2",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 14",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 04",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 25",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 27",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 30",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 12",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 01",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 19",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 15",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 07",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 28",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 23",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 11",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 02",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 05",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 26",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 21",
            "scope": null,
            "trust": 0.9,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 06",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 11",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk 10",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jdk",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "oracle",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 22",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 24",
            "scope": null,
            "trust": 0.9,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 13",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache tomcat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the php group",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6.8"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.7.3"
          },
          {
            "_id": null,
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6.8"
          },
          {
            "_id": null,
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.7.3"
          },
          {
            "_id": null,
            "model": "java system web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "10g r3 (10.1.3.5.0)"
          },
          {
            "_id": null,
            "model": "iplanet web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "jrockit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "27.7.1"
          },
          {
            "_id": null,
            "model": "jrockit",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "28.2.2"
          },
          {
            "_id": null,
            "model": "sun java system application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "sun java system application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11gr1 (10.3.3"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "10.3.5)"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "12cr1 (12.1.1)"
          },
          {
            "_id": null,
            "model": "hp xp p9000 performance advisor software",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "5.4.1"
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "enterprise version 6"
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "standard version 6"
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "cosminexus client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 6"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light version 6"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional version 6"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "standard version 6"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "cosminexus developer\u0027s kit for java",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus primary server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "base"
          },
          {
            "_id": null,
            "model": "cosminexus server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "- standard edition version 4"
          },
          {
            "_id": null,
            "model": "cosminexus server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "- web edition version 4"
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "- standard edition version 4"
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "- web edition version 4"
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "hirdb for java /xml",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "developer\u0027s kit for java",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "processing kit for xml",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "enterprise"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "express"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "smart edition"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "standard"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "standard-r"
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "none"
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "for plug-in"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional for plug-in"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "standard"
          },
          {
            "_id": null,
            "model": "ucosminexus operator",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus portal framework",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "entry set"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "base"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "architect"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "platform"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "platform - messaging"
          },
          {
            "_id": null,
            "model": "internet navigware server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application framework suite",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "none"
          },
          {
            "_id": null,
            "model": "interstage application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "plus developer / apworks / studio"
          },
          {
            "_id": null,
            "model": "interstage business application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage form coordinator workflow",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage job workload server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage list manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage list works",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage service integrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage shunsaku data manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage web server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage xml business activity recorder",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "serverview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "resource orchestrator cloud edition"
          },
          {
            "_id": null,
            "model": "success server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker availability view",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker desktop inspection",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker it change manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker it process master",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker operation manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker runbook automation",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker service catalog manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker service quality coordinator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker software configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 01-b06",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "jre 1.6.0 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "jre 1.6.0 20",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.5.0"
          },
          {
            "_id": null,
            "model": "jrockit r28.2.2",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "java se sr8 fp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "java system web server sp9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.0-50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5.015"
          },
          {
            "_id": null,
            "model": "processing kit for xml",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux as extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "jdk 01",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6"
          },
          {
            "_id": null,
            "model": "cosminexus studio web edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.06"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "java ibm 64-bit sdk for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk and jre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "java system web server sp7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.14",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.2",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jrockit r27.6.5",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.8"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.26",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system platform sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.13",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.10"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "enterprise linux extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.04",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "iplanet web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ucosminexus operator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "aura application server sip core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "53002.0"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0.0.52"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "java system application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.15.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.22.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.014"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.12.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ir",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.9",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.011"
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jrockit r27.6.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.16",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client for plug-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "java se sr6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server j6.0.14.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jrockit r27.1.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "010"
          },
          {
            "_id": null,
            "model": "enterprise linux supplementary server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java system web server sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jrockit r28.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.6",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.012"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "nonstop server h06.24.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.8",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.25",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java system web server sp8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.04"
          },
          {
            "_id": null,
            "model": "ucosminexus application server light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java system web server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.7.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "java system web server sp10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "enterprise linux ws extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "java se sr9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "message networking sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server for vmware sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "xp p9000 performance advisor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.5.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.010"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.013"
          },
          {
            "_id": null,
            "model": "java system web server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.04",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.015"
          },
          {
            "_id": null,
            "model": "nonstop server h06.15.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.24",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.018"
          },
          {
            "_id": null,
            "model": "cosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.019"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional for plug-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "java ibm 31-bit sdk for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "nonstop server j06.13.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "nonstop server h06.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se sr7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "communication manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "esx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "nonstop server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jrockit r28.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "call management system r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "15.0"
          },
          {
            "_id": null,
            "model": "glassfish server ur1 po1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.3"
          },
          {
            "_id": null,
            "model": "nonstop server h06.22.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "jrockit r28.1.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "weblogic server 11gr1",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.020"
          },
          {
            "_id": null,
            "model": "iplanet webserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "cosminexus studio standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.03"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.05"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.11.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se sr9-fp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "java system web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "virtual desktop infrastructure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.15",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "glassfish server ur1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jrockit r27.6.7",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.3"
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational synergy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jrockit r27.6.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-80"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "cosminexus client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "glassfish server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java system web server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "application server 10g r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.5.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.07.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "java system application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.19.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise java sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "xp p9000 performance advisor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.4.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server smart edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "nonstop server j06.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.26.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura presence services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "proactive contact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.021"
          },
          {
            "_id": null,
            "model": "jdk and jre",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "desktop extras",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura conferencing sp1 standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "java se sr5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.04.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.016"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "nonstop server h06.21.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.07"
          },
          {
            "_id": null,
            "model": "nonstop server j06.06.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "call management system r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "16.0"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "aura system platform sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "jdk 1.6.0 01-b06",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "rational synergy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.2"
          },
          {
            "_id": null,
            "model": "virtual desktop infrastructure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "conferencing standard edition",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "jdk update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.6.017"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node supplementary",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop supplementary client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "java system web server sp11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nonstop server h06.16.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "rational synergy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.5"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "aura system platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "java system web server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "nonstop server j06.05.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "linux enterprise java sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "java se sr1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "nonstop server h06.20.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer no version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "nonstop server j06.09.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop sp1 for sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.08.03",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "iq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational synergy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.6"
          },
          {
            "_id": null,
            "model": "nonstop server j06.10.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java system web server sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "nonstop server h06.25.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server h06.18.01",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server no version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.60"
          },
          {
            "_id": null,
            "model": "nonstop server h06.27",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "java se sr10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nonstop server h06.17.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "nonstop server j06.14.02",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "BID",
            "id": "51194"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:java_system_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:communications_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:glassfish_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:iplanet_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:jrockit",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:java_system_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:weblogic_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_client",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:serverview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:success_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Alexander Klink, n.runs AG and Julian W?lde, Technische Universit?t Darmstadt",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2011-5035",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-5035",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-5035",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#903934",
                "trust": 0.8,
                "value": "10.80"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-5035",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201112-502",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-5035",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. \nOracle GlassFish Server 3.1.1 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-04-03-1 Java for OS X 2012-001 and\nJava for Mac OS X 10.6 Update 7\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now\navailable and addresses the following:\n\nJava\nAvailable for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7.3, OS X Lion Server v10.7.3\nImpact:  Multiple vulnerabilities in Java 1.6.0_29\nDescription:  Multiple vulnerabilities exist in Java 1.6.0_29, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_31. \nFurther information is available via the Java website at http://www.o\nracle.com/technetwork/java/javase/releasenotes-136954.html\nCVE-ID\nCVE-2011-3563\nCVE-2011-5035\nCVE-2012-0497\nCVE-2012-0498\nCVE-2012-0499\nCVE-2012-0500\nCVE-2012-0501\nCVE-2012-0502\nCVE-2012-0503\nCVE-2012-0505\nCVE-2012-0506\nCVE-2012-0507\n\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667\n\nFor OS X Lion systems\nThe download file is named: JavaForOSX.dmg\nIts SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx\nVnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh\n7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc\nFo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA\nwjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd\nV7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=\n=Pf96\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-03-26\nLast Updated: 2012-04-02\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3563    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4\nCVE-2011-5035    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2012-0497    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2012-0498    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2012-0499    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2012-0500    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2012-0501    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2012-0502    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4\nCVE-2012-0503    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2012-0504    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3\nCVE-2012-0505    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2012-0506    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2012-0507    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.14 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.14.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 27 March 2012 Initial release\nVersion:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets. ============================================================================\nUbuntu Security Notice USN-1373-2\nMarch 01, 2012\n\nopenjdk-6b18 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple vulnerabilities in OpenJDK 6 for the ARM architecture have\nbeen fixed. \n\nSoftware Description:\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nUSN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n(armel). This provides the corresponding OpenJDK 6 update for use\nwith the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)\n \n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0507)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n  icedtea-6-jre-cacao             6b18-1.8.13-0ubuntu1~11.04.1\n  icedtea-6-jre-jamvm             6b18-1.8.13-0ubuntu1~11.04.1\n  openjdk-6-jre                   6b18-1.8.13-0ubuntu1~11.04.1\n  openjdk-6-jre-headless          6b18-1.8.13-0ubuntu1~11.04.1\n  openjdk-6-jre-zero              6b18-1.8.13-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n  icedtea-6-jre-cacao             6b18-1.8.13-0ubuntu1~10.10.1\n  openjdk-6-jre                   6b18-1.8.13-0ubuntu1~10.10.1\n  openjdk-6-jre-headless          6b18-1.8.13-0ubuntu1~10.10.1\n  openjdk-6-jre-zero              6b18-1.8.13-0ubuntu1~10.10.1\n\nUbuntu 10.04 LTS:\n  icedtea-6-jre-cacao             6b18-1.8.13-0ubuntu1~10.04.1\n  openjdk-6-jre                   6b18-1.8.13-0ubuntu1~10.04.1\n  openjdk-6-jre-headless          6b18-1.8.13-0ubuntu1~10.04.1\n  openjdk-6-jre-zero              6b18-1.8.13-0ubuntu1~10.04.1\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Critical: java-1.6.0-openjdk security update\nAdvisory ID:       RHSA-2012:0135-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0135.html\nIssue date:        2012-02-14\nCVE Names:         CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 \n                   CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 \n                   CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions. \n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions. \n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries. \nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5035.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0497.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPOwEiXlSAg2UNWIIRAnYKAKCorWMpTAsiiuJ4uSywvmAym2EK0wCfa/8B\nlhqpUTdPMNmgswBpMj4pV/M=\n=9liL\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Fix in AtomicReferenceArray (CVE-2011-3571). \n \n Multiple unspecified vulnerabilities allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). \n \n Issues with some KeyboardFocusManager method (CVE-2012-0502). \n \n Issues with TimeZone class (CVE-2012-0503). \n \n Enhance exception throwing mechanism in ObjectStreamClass\n (CVE-2012-0505). \n \n Issues with some method in corba (CVE-2012-0506).  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9\nNSDNWCT+JqEyYHUExPAwR58=\n=cwgS\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201401-30\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Oracle JRE/JDK: Multiple vulnerabilities\n     Date: January 27, 2014\n     Bugs: #404071, #421073, #433094, #438706, #451206, #455174,\n           #458444, #460360, #466212, #473830, #473980, #488210, #498148\n       ID: 201401-30\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-java/sun-jdk           \u003c= 1.6.0.45                Vulnerable!\n  2  dev-java/oracle-jdk-bin     \u003c 1.7.0.51              \u003e= 1.7.0.51 *\n  3  dev-java/sun-jre-bin       \u003c= 1.6.0.45                Vulnerable!\n  4  dev-java/oracle-jre-bin     \u003c 1.7.0.51              \u003e= 1.7.0.51 *\n  5  app-emulation/emul-linux-x86-java\n                                 \u003c 1.7.0.51              \u003e= 1.7.0.51 *\n    -------------------------------------------------------------------\n     NOTE: Certain packages are still vulnerable. Users should migrate\n           to another package if one is available or wait for the\n           existing packages to be marked stable by their\n           architecture maintainers. \n    -------------------------------------------------------------------\n     NOTE: Packages marked with asterisks require manual intervention!\n    -------------------------------------------------------------------\n     5 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities\nto execute arbitrary code. \nFurthermore, a local or remote attacker could exploit these\nvulnerabilities to cause unspecified impact, possibly including remote\nexecution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.51\"\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.51\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n  # emerge --sync\n  # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.51\"\n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one\nof the newer Oracle packages like dev-java/oracle-jdk-bin or\ndev-java/oracle-jre-bin or choose another alternative we provide; eg. \nthe IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \n\nReferences\n==========\n\n[   1 ] CVE-2011-3563\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[   2 ] CVE-2011-5035\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[   3 ] CVE-2012-0497\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[   4 ] CVE-2012-0498\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498\n[   5 ] CVE-2012-0499\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499\n[   6 ] CVE-2012-0500\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500\n[   7 ] CVE-2012-0501\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[   8 ] CVE-2012-0502\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[   9 ] CVE-2012-0503\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[  10 ] CVE-2012-0504\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504\n[  11 ] CVE-2012-0505\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[  12 ] CVE-2012-0506\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[  13 ] CVE-2012-0507\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507\n[  14 ] CVE-2012-0547\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[  15 ] CVE-2012-1531\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531\n[  16 ] CVE-2012-1532\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532\n[  17 ] CVE-2012-1533\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533\n[  18 ] CVE-2012-1541\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541\n[  19 ] CVE-2012-1682\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682\n[  20 ] CVE-2012-1711\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[  21 ] CVE-2012-1713\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[  22 ] CVE-2012-1716\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[  23 ] CVE-2012-1717\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[  24 ] CVE-2012-1718\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[  25 ] CVE-2012-1719\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[  26 ] CVE-2012-1721\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721\n[  27 ] CVE-2012-1722\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722\n[  28 ] CVE-2012-1723\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[  29 ] CVE-2012-1724\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[  30 ] CVE-2012-1725\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[  31 ] CVE-2012-1726\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[  32 ] CVE-2012-3136\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136\n[  33 ] CVE-2012-3143\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143\n[  34 ] CVE-2012-3159\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159\n[  35 ] CVE-2012-3174\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174\n[  36 ] CVE-2012-3213\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213\n[  37 ] CVE-2012-3216\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[  38 ] CVE-2012-3342\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342\n[  39 ] CVE-2012-4416\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[  40 ] CVE-2012-4681\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681\n[  41 ] CVE-2012-5067\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067\n[  42 ] CVE-2012-5068\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[  43 ] CVE-2012-5069\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[  44 ] CVE-2012-5070\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[  45 ] CVE-2012-5071\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[  46 ] CVE-2012-5072\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[  47 ] CVE-2012-5073\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[  48 ] CVE-2012-5074\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[  49 ] CVE-2012-5075\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[  50 ] CVE-2012-5076\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[  51 ] CVE-2012-5077\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[  52 ] CVE-2012-5079\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079\n[  53 ] CVE-2012-5081\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[  54 ] CVE-2012-5083\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083\n[  55 ] CVE-2012-5084\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[  56 ] CVE-2012-5085\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[  57 ] CVE-2012-5086\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[  58 ] CVE-2012-5087\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[  59 ] CVE-2012-5088\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088\n[  60 ] CVE-2012-5089\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[  61 ] CVE-2013-0169\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[  62 ] CVE-2013-0351\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351\n[  63 ] CVE-2013-0401\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[  64 ] CVE-2013-0402\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402\n[  65 ] CVE-2013-0409\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409\n[  66 ] CVE-2013-0419\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419\n[  67 ] CVE-2013-0422\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422\n[  68 ] CVE-2013-0423\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423\n[  69 ] CVE-2013-0430\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430\n[  70 ] CVE-2013-0437\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437\n[  71 ] CVE-2013-0438\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438\n[  72 ] CVE-2013-0445\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445\n[  73 ] CVE-2013-0446\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446\n[  74 ] CVE-2013-0448\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448\n[  75 ] CVE-2013-0449\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449\n[  76 ] CVE-2013-0809\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[  77 ] CVE-2013-1473\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473\n[  78 ] CVE-2013-1479\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479\n[  79 ] CVE-2013-1481\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481\n[  80 ] CVE-2013-1484\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[  81 ] CVE-2013-1485\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[  82 ] CVE-2013-1486\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[  83 ] CVE-2013-1487\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487\n[  84 ] CVE-2013-1488\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[  85 ] CVE-2013-1491\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491\n[  86 ] CVE-2013-1493\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[  87 ] CVE-2013-1500\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[  88 ] CVE-2013-1518\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[  89 ] CVE-2013-1537\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[  90 ] CVE-2013-1540\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540\n[  91 ] CVE-2013-1557\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[  92 ] CVE-2013-1558\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558\n[  93 ] CVE-2013-1561\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561\n[  94 ] CVE-2013-1563\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563\n[  95 ] CVE-2013-1564\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564\n[  96 ] CVE-2013-1569\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[  97 ] CVE-2013-1571\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[  98 ] CVE-2013-2383\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[  99 ] CVE-2013-2384\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 100 ] CVE-2013-2394\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394\n[ 101 ] CVE-2013-2400\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400\n[ 102 ] CVE-2013-2407\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 103 ] CVE-2013-2412\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 104 ] CVE-2013-2414\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414\n[ 105 ] CVE-2013-2415\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 106 ] CVE-2013-2416\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416\n[ 107 ] CVE-2013-2417\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 108 ] CVE-2013-2418\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418\n[ 109 ] CVE-2013-2419\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 110 ] CVE-2013-2420\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 111 ] CVE-2013-2421\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 112 ] CVE-2013-2422\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 113 ] CVE-2013-2423\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 114 ] CVE-2013-2424\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 115 ] CVE-2013-2425\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425\n[ 116 ] CVE-2013-2426\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 117 ] CVE-2013-2427\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427\n[ 118 ] CVE-2013-2428\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428\n[ 119 ] CVE-2013-2429\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 120 ] CVE-2013-2430\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 121 ] CVE-2013-2431\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 122 ] CVE-2013-2432\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432\n[ 123 ] CVE-2013-2433\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433\n[ 124 ] CVE-2013-2434\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434\n[ 125 ] CVE-2013-2435\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435\n[ 126 ] CVE-2013-2436\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 127 ] CVE-2013-2437\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437\n[ 128 ] CVE-2013-2438\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438\n[ 129 ] CVE-2013-2439\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439\n[ 130 ] CVE-2013-2440\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440\n[ 131 ] CVE-2013-2442\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442\n[ 132 ] CVE-2013-2443\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 133 ] CVE-2013-2444\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 134 ] CVE-2013-2445\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 135 ] CVE-2013-2446\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 136 ] CVE-2013-2447\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 137 ] CVE-2013-2448\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 138 ] CVE-2013-2449\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 139 ] CVE-2013-2450\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 140 ] CVE-2013-2451\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 141 ] CVE-2013-2452\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 142 ] CVE-2013-2453\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 143 ] CVE-2013-2454\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 144 ] CVE-2013-2455\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 145 ] CVE-2013-2456\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 146 ] CVE-2013-2457\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 147 ] CVE-2013-2458\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 148 ] CVE-2013-2459\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 149 ] CVE-2013-2460\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 150 ] CVE-2013-2461\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 151 ] CVE-2013-2462\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462\n[ 152 ] CVE-2013-2463\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 153 ] CVE-2013-2464\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464\n[ 154 ] CVE-2013-2465\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 155 ] CVE-2013-2466\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466\n[ 156 ] CVE-2013-2467\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467\n[ 157 ] CVE-2013-2468\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468\n[ 158 ] CVE-2013-2469\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 159 ] CVE-2013-2470\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 160 ] CVE-2013-2471\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 161 ] CVE-2013-2472\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 162 ] CVE-2013-2473\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 163 ] CVE-2013-3743\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743\n[ 164 ] CVE-2013-3744\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744\n[ 165 ] CVE-2013-3829\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 166 ] CVE-2013-5772\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 167 ] CVE-2013-5774\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 168 ] CVE-2013-5775\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775\n[ 169 ] CVE-2013-5776\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776\n[ 170 ] CVE-2013-5777\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777\n[ 171 ] CVE-2013-5778\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 172 ] CVE-2013-5780\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 173 ] CVE-2013-5782\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 174 ] CVE-2013-5783\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 175 ] CVE-2013-5784\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 176 ] CVE-2013-5787\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787\n[ 177 ] CVE-2013-5788\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788\n[ 178 ] CVE-2013-5789\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789\n[ 179 ] CVE-2013-5790\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 180 ] CVE-2013-5797\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 181 ] CVE-2013-5800\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 182 ] CVE-2013-5801\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801\n[ 183 ] CVE-2013-5802\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 184 ] CVE-2013-5803\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 185 ] CVE-2013-5804\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 186 ] CVE-2013-5805\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 187 ] CVE-2013-5806\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 188 ] CVE-2013-5809\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 189 ] CVE-2013-5810\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810\n[ 190 ] CVE-2013-5812\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812\n[ 191 ] CVE-2013-5814\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 192 ] CVE-2013-5817\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 193 ] CVE-2013-5818\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818\n[ 194 ] CVE-2013-5819\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819\n[ 195 ] CVE-2013-5820\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 196 ] CVE-2013-5823\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 197 ] CVE-2013-5824\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824\n[ 198 ] CVE-2013-5825\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 199 ] CVE-2013-5829\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 200 ] CVE-2013-5830\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 201 ] CVE-2013-5831\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831\n[ 202 ] CVE-2013-5832\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832\n[ 203 ] CVE-2013-5838\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838\n[ 204 ] CVE-2013-5840\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 205 ] CVE-2013-5842\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 206 ] CVE-2013-5843\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843\n[ 207 ] CVE-2013-5844\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844\n[ 208 ] CVE-2013-5846\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846\n[ 209 ] CVE-2013-5848\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848\n[ 210 ] CVE-2013-5849\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 211 ] CVE-2013-5850\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 212 ] CVE-2013-5851\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 213 ] CVE-2013-5852\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852\n[ 214 ] CVE-2013-5854\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854\n[ 215 ] CVE-2013-5870\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870\n[ 216 ] CVE-2013-5878\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878\n[ 217 ] CVE-2013-5887\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887\n[ 218 ] CVE-2013-5888\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888\n[ 219 ] CVE-2013-5889\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889\n[ 220 ] CVE-2013-5893\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893\n[ 221 ] CVE-2013-5895\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895\n[ 222 ] CVE-2013-5896\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896\n[ 223 ] CVE-2013-5898\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898\n[ 224 ] CVE-2013-5899\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899\n[ 225 ] CVE-2013-5902\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902\n[ 226 ] CVE-2013-5904\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904\n[ 227 ] CVE-2013-5905\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905\n[ 228 ] CVE-2013-5906\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906\n[ 229 ] CVE-2013-5907\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907\n[ 230 ] CVE-2013-5910\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910\n[ 231 ] CVE-2014-0368\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368\n[ 232 ] CVE-2014-0373\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373\n[ 233 ] CVE-2014-0375\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375\n[ 234 ] CVE-2014-0376\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376\n[ 235 ] CVE-2014-0382\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382\n[ 236 ] CVE-2014-0385\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385\n[ 237 ] CVE-2014-0387\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387\n[ 238 ] CVE-2014-0403\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403\n[ 239 ] CVE-2014-0408\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408\n[ 240 ] CVE-2014-0410\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410\n[ 241 ] CVE-2014-0411\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411\n[ 242 ] CVE-2014-0415\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415\n[ 243 ] CVE-2014-0416\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416\n[ 244 ] CVE-2014-0417\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417\n[ 245 ] CVE-2014-0418\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418\n[ 246 ] CVE-2014-0422\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422\n[ 247 ] CVE-2014-0423\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423\n[ 248 ] CVE-2014-0424\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424\n[ 249 ] CVE-2014-0428\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-30.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          },
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "BID",
            "id": "51194"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          },
          {
            "db": "PACKETSTORM",
            "id": "111594"
          },
          {
            "db": "PACKETSTORM",
            "id": "111624"
          },
          {
            "db": "PACKETSTORM",
            "id": "123734"
          },
          {
            "db": "PACKETSTORM",
            "id": "125556"
          },
          {
            "db": "PACKETSTORM",
            "id": "112144"
          },
          {
            "db": "PACKETSTORM",
            "id": "110365"
          },
          {
            "db": "PACKETSTORM",
            "id": "109793"
          },
          {
            "db": "PACKETSTORM",
            "id": "109918"
          },
          {
            "db": "PACKETSTORM",
            "id": "124943"
          },
          {
            "db": "PACKETSTORM",
            "id": "125436"
          }
        ],
        "trust": 3.6
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-5035",
            "trust": 3.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#903934",
            "trust": 3.3
          },
          {
            "db": "OCERT",
            "id": "OCERT-2011-003",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "48589",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57126",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "48073",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "48074",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "48950",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "51194",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19347",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19819",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19290",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502",
            "trust": 0.6
          },
          {
            "db": "HITACHI",
            "id": "HS12-007",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "2012",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111594",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111624",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "123734",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125556",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "112144",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110365",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109793",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109918",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "124943",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125436",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          },
          {
            "db": "BID",
            "id": "51194"
          },
          {
            "db": "PACKETSTORM",
            "id": "111594"
          },
          {
            "db": "PACKETSTORM",
            "id": "111624"
          },
          {
            "db": "PACKETSTORM",
            "id": "123734"
          },
          {
            "db": "PACKETSTORM",
            "id": "125556"
          },
          {
            "db": "PACKETSTORM",
            "id": "112144"
          },
          {
            "db": "PACKETSTORM",
            "id": "110365"
          },
          {
            "db": "PACKETSTORM",
            "id": "109793"
          },
          {
            "db": "PACKETSTORM",
            "id": "109918"
          },
          {
            "db": "PACKETSTORM",
            "id": "124943"
          },
          {
            "db": "PACKETSTORM",
            "id": "125436"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "id": "VAR-201112-0123",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26205936
      },
      "last_update_date": "2026-04-10T21:53:54.748000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HT5228",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT5228"
          },
          {
            "title": "HT1338",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT1338?viewlocale=ja_JP"
          },
          {
            "title": "HT5228",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT5228?viewlocale=ja_JP"
          },
          {
            "title": "HS12-007",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html"
          },
          {
            "title": "HPSBST02955 SSRT101157",
            "trust": 0.8,
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - April 2012",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - January 2012",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - January 2013",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
          },
          {
            "title": "Oracle Security Alert for CVE-2011-5035",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html"
          },
          {
            "title": "RHSA-2013:1455",
            "trust": 0.8,
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
          },
          {
            "title": "January 2012 Critical Patch Update Released",
            "trust": 0.8,
            "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update"
          },
          {
            "title": "January 2013 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/january_2013_critical_patch_update"
          },
          {
            "title": "interstage_as_201201",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html"
          },
          {
            "title": "HS12-007",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-007/index.html"
          },
          {
            "title": "Red Hat: Important: java-1.6.0-openjdk security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120322 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: java-1.6.0-openjdk security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120135 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: java-1.6.0-sun security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120139 - Security Advisory"
          },
          {
            "title": "Red Hat: Critical: java-1.6.0-ibm security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120514 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-2"
          },
          {
            "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-1"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2012-043",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-043"
          },
          {
            "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/oracle-patches-88-vulnerabilities-including-some-allow-remote-exploits-without-authentication/76457/"
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2012/04/05/mac-flashback-trojan-java-update/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
          },
          {
            "trust": 2.8,
            "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
          },
          {
            "trust": 2.5,
            "url": "http://www.kb.cert.org/vuls/id/903934"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0514.html"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48589"
          },
          {
            "trust": 1.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48950"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2012/dsa-2420"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57126"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16908"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48073"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48074"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5035"
          },
          {
            "trust": 0.8,
            "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu903934"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu514315/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5035"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/51194"
          },
          {
            "trust": 0.7,
            "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19347"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19290"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19819"
          },
          {
            "trust": 0.5,
            "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498"
          },
          {
            "trust": 0.3,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03350339"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59971"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59978"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100159245"
          },
          {
            "trust": 0.3,
            "url": "http://downloads.avaya.com/css/p8/documents/100160575"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100160941"
          },
          {
            "trust": 0.3,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1332960372864.876444892.199480143"
          },
          {
            "trust": 0.3,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1333452463922.876444892.492883150"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html"
          },
          {
            "trust": 0.3,
            "url": "http://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
          },
          {
            "trust": 0.2,
            "url": "http://www.hp.com"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
          },
          {
            "trust": 0.2,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.2,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3571"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2012:0322"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/1373-2/"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/2012/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25553"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/support/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "http://support.apple.com/kb/ht1222"
          },
          {
            "trust": 0.1,
            "url": "http://www.o"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/go/java"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2468.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0873.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1540.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1476.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2463.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2446.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1500.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0428.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1480.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2419.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0401.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2444.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0425.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2454.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5089.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1722.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5079.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0419.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2422.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1721.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5081.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0409.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5071.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0863.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0423.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1532.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-3216.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5069.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0867.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5084.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0443.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2451.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0809.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1487.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0351.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0814.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-4820.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0427.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0433.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1493.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1569.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5073.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-4823.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2435.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2456.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-3743.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2407.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0871.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2470.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5068.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1541.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0868.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-4822.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0873"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-3159.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1557.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5075.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2471.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2429.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2443.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1713.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-3213.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0441.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2457.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2412.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5072.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1718.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0432.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0446.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1481.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1537.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1717.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1531.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2432.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2447.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0802.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2452.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0865.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0450.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1491.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2464.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0862.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1571.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2383.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2418.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1473.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0547.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1563.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2465.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2472.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2466.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2424.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2453.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2473.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2433.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2437.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1716.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-5083.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1533.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-3342.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0426.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2450.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-3143.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0440.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1725.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2417.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0445.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2394.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2455.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1682.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2442.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2459.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2430.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0442.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0551.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0424.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-0869.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2448.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0863"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-1719.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1486.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2384.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0169.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2469.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0438.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-1478.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0435.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-0434.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2420.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2440.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/knowledge/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1373-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.10.1"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1373-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~11.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/kb/docs/doc-11259"
          },
          {
            "trust": 0.1,
            "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/news"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0135.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3571.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0497"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3571"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0505"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0500"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3563"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0498"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0499"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0503"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0506"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0502"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0501"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0507"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5870"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0419"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1558"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5818"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1541"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5889"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0449"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2440"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1540"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0385"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2427"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2437"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0445"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0500"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2468"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3743"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0422"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5893"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3159"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3174"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5888"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0437"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0373"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0351"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1563"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5789"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0504"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1682"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5899"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5801"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0423"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5832"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5848"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0428"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0415"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2400"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1564"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3143"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0448"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0438"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5810"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5905"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201401-30.xml"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5904"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5831"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0422"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3744"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5854"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2394"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0498"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5852"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5777"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0499"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0409"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2428"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4681"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2462"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0423"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5083"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0375"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2439"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2416"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3136"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0376"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5824"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3342"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5776"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1531"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0417"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5819"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1722"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5895"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2466"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0403"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0446"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2418"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5788"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0416"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0424"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1473"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5887"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0418"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0410"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0368"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2425"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5902"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2432"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0387"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1533"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2438"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1721"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0382"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5812"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3213"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5846"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5775"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5787"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5898"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1481"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2433"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5844"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5906"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1532"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1561"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2435"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1491"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5910"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1487"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5907"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5896"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5843"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2414"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2467"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5079"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0411"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1479"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2434"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2442"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2464"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5878"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0408"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0402"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5838"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0430"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5088"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035"
          },
          {
            "db": "BID",
            "id": "51194"
          },
          {
            "db": "PACKETSTORM",
            "id": "111594"
          },
          {
            "db": "PACKETSTORM",
            "id": "111624"
          },
          {
            "db": "PACKETSTORM",
            "id": "123734"
          },
          {
            "db": "PACKETSTORM",
            "id": "125556"
          },
          {
            "db": "PACKETSTORM",
            "id": "112144"
          },
          {
            "db": "PACKETSTORM",
            "id": "110365"
          },
          {
            "db": "PACKETSTORM",
            "id": "109793"
          },
          {
            "db": "PACKETSTORM",
            "id": "109918"
          },
          {
            "db": "PACKETSTORM",
            "id": "124943"
          },
          {
            "db": "PACKETSTORM",
            "id": "125436"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-5035",
            "ident": null
          },
          {
            "db": "BID",
            "id": "51194",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "111594",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "111624",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "123734",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125556",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "112144",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "110365",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109793",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109918",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "124943",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125436",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-003567",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-5035",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-12-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "date": "2011-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-5035",
            "ident": null
          },
          {
            "date": "2011-12-29T00:00:00",
            "db": "BID",
            "id": "51194",
            "ident": null
          },
          {
            "date": "2012-04-05T01:14:57",
            "db": "PACKETSTORM",
            "id": "111594",
            "ident": null
          },
          {
            "date": "2012-04-06T02:06:18",
            "db": "PACKETSTORM",
            "id": "111624",
            "ident": null
          },
          {
            "date": "2013-10-23T22:57:57",
            "db": "PACKETSTORM",
            "id": "123734",
            "ident": null
          },
          {
            "date": "2014-03-06T02:39:08",
            "db": "PACKETSTORM",
            "id": "125556",
            "ident": null
          },
          {
            "date": "2012-04-25T02:09:03",
            "db": "PACKETSTORM",
            "id": "112144",
            "ident": null
          },
          {
            "date": "2012-03-02T03:55:14",
            "db": "PACKETSTORM",
            "id": "110365",
            "ident": null
          },
          {
            "date": "2012-02-15T22:46:40",
            "db": "PACKETSTORM",
            "id": "109793",
            "ident": null
          },
          {
            "date": "2012-02-18T03:25:35",
            "db": "PACKETSTORM",
            "id": "109918",
            "ident": null
          },
          {
            "date": "2014-01-27T18:30:13",
            "db": "PACKETSTORM",
            "id": "124943",
            "ident": null
          },
          {
            "date": "2014-02-26T22:39:24",
            "db": "PACKETSTORM",
            "id": "125436",
            "ident": null
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-500",
            "ident": null
          },
          {
            "date": "2011-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-502",
            "ident": null
          },
          {
            "date": "2012-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003567",
            "ident": null
          },
          {
            "date": "2011-12-30T01:55:01.640000",
            "db": "NVD",
            "id": "CVE-2011-5035",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-02-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "date": "2018-01-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-5035",
            "ident": null
          },
          {
            "date": "2015-04-13T21:24:00",
            "db": "BID",
            "id": "51194",
            "ident": null
          },
          {
            "date": "2012-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-500",
            "ident": null
          },
          {
            "date": "2012-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201112-502",
            "ident": null
          },
          {
            "date": "2015-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-003567",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-5035",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "111624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          }
        ],
        "trust": 1.3
      },
      "title": {
        "_id": null,
        "data": "Hash table implementations vulnerable to algorithmic complexity attacks",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201112-502"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201201-0259

    Vulnerability from variot - Updated: 2026-03-09 21:42

    Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Multiple Hitachi COBOL2002 products have security vulnerabilities that allow attackers to take control of target user systems. No detailed vulnerability details are provided at this time. Apache Tomcat is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03716627

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c03716627 Version: 1

    HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2013-03-28 Last Updated: 2013-03-28


    Potential Security Impact: Remote Denial of Service (DoS), access restriction bypass, unauthorized modification and other vulnerabilities

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine 5.5.35.01 or earlier

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2009-2693 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2009-2902 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-3548 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-1157 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-3718 (AV:L/AC:H/Au:N/C:N/I:P/A:N) 1.2 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0013 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-1184 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-2204 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9 CVE-2011-2526 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-2729 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3190 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4858 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0022 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has provided the following software updates to resolve the vulnerability. The updates are available for download from https://h20392.www2.hp.com/portal /swdepot/displayProductInfo.do?productNumber=HPUXWST553601

    Servlet Version Depot Name

    HP-UX Apache Tomcat Servlet Engine v5.5.36.01 HP-UX_11.23_HPUXWS22T-B5536-1123.depot

    HP-UX_11.31_HPUXWS22T-B5536-1131.depot

    MANUAL ACTIONS: Yes - Update Install HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    HP-UX Web Server Suite HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.36.01 or subsequent

    END AFFECTED VERSION

    HISTORY Version:1 (rev.1) - 28 March 2013 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description:

    JBoss Operations Network (JBoss ON) is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Release Notes will be available shortly from https://docs.redhat.com/docs/en-US/index.html

    The following security issues are also fixed with this release:

    JBoss ON did not properly verify security tokens, allowing an unapproved agent to connect as an approved agent. As a result, the attacker could retrieve sensitive data about the server the hijacked agent was running on, including JMX credentials. (CVE-2012-0052)

    JBoss ON sometimes allowed agent registration to succeed when the registration request did not include a security token. This is a feature designed to add convenience. A remote attacker could use this flaw to spoof the identity of an approved agent and pass a null security token, allowing them to hijack the approved agent's session, and steal its security token. As a result, the attacker could retrieve sensitive data about the server the hijacked agent was running on, including JMX credentials. (CVE-2011-4858)

    Multiple cross-site scripting (XSS) flaws were found in the JBoss ON administration interface. If a remote attacker could trick a user, who was logged into the JBoss ON administration interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's JBoss ON session. (CVE-2011-3206)

    JBoss ON did not verify that a user had the proper modify resource permissions when they attempted to delete a plug-in configuration update from the group connection properties history. This could allow such a user to delete a plug-in configuration update from the audit trail. Note that a user without modify resource permissions cannot use this flaw to make configuration changes. HP Network Node Manager I (NNMi) v9.0X and v9.1X for HP-UX, Linux, Solaris, and Windows.

    These hotfixes also apply to the following products and can be applied to all patch levels:

    HP NNM iSPI for IP QA HP NNM iSPI for IP Telephony HP NNM SPI for IP Multicast HP NNM SPI for MPLS

    NNMi Version Operating System Hotfix

    9.00 HP-UX, Linux, Solaris, and Windows. HF-NNMi-9.0xP5-JBoss-20130417

    9.10 HP-UX, Linux, Solaris, and Windows. Relevant releases/architectures:

    RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

    1. 5 client):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm

    i386: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm

    x86_64: tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm

    RHEL Desktop Workstation (v. 5 client):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm

    i386: tomcat5-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm

    x86_64: tomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm tomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm

    Red Hat Enterprise Linux (v. Description:

    The JBoss Communications Platform (JBCP) is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms (SDPs) and IP Multimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network (NGIN) applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2012:0681-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0681.html Issue date: 2012-05-21 CVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 =====================================================================

    1. Summary:

    An update for the Apache Tomcat 6 component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and three bugs is now available from the Red Hat Customer Portal.

    The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.

    This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues:

    Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)

    A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)

    A flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)

    The Java hashCode() method implementation was susceptible to predictable hash collisions. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858)

    Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022)

    A flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)

    A flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)

    Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4858.

    1. Solution:

    All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.

    The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).

    Tomcat must be restarted for this update to take effect.

    1. Bugs fixed (http://bugzilla.redhat.com/):

    717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 720948 - CVE-2011-2526 tomcat: security manager restrictions bypass 734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure 741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication 750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003) 782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling 783359 - CVE-2012-0022 tomcat: large number of parameters DoS 5. References:

    https://www.redhat.com/security/data/cve/CVE-2011-1184.html https://www.redhat.com/security/data/cve/CVE-2011-2204.html https://www.redhat.com/security/data/cve/CVE-2011-2526.html https://www.redhat.com/security/data/cve/CVE-2011-3190.html https://www.redhat.com/security/data/cve/CVE-2011-3375.html https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2011-5062.html https://www.redhat.com/security/data/cve/CVE-2011-5063.html https://www.redhat.com/security/data/cve/CVE-2011-5064.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.2 https://issues.jboss.org/browse/JBPAPP-4873 https://issues.jboss.org/browse/JBPAPP-6133 https://issues.jboss.org/browse/JBPAPP-6852

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFPunlvXlSAg2UNWIIRAvqnAKCFCNODTaq3A180VLq9ptMsBURTcwCgsJls JsG5zbN8j1JMa8din0vPkdw= =zajO -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------

    Secunia is hiring!

    Find your next job here:

    http://secunia.com/company/jobs/


    TITLE: Hitachi COBOL2002 Products Unspecified Vulnerability

    SECUNIA ADVISORY ID: SA47612

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47612/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47612

    RELEASE DATE: 2012-01-20

    DISCUSS ADVISORY: http://secunia.com/advisories/47612/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/47612/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=47612

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Hitachi has reported a vulnerability in some COBOL2002 products, which can be exploited by malicious users to compromise a vulnerable system.

    The vulnerability is caused due to an unspecified error. No further information is currently available.

    PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

    ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    .

    A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server. Solution:

    Before applying this update, make sure all previously-released errata relevant to your system have been applied. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    7

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/a",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/a",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/b",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/b",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/a",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/c",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/b",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/c",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/b",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/a",
            "scope": null,
            "trust": 2.1,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.6"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.7"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.8"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/c",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/a",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/f",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/b",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/b",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/c",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/a",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/f",
            "scope": null,
            "trust": 1.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "08-00-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "5.5.35"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/d",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/g",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/c",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/d",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/e",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/c",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/d",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/d",
            "scope": null,
            "trust": 1.5,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.17"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.5"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.18"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.15"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.25"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.8"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.29"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.15"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.27"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.12"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.19"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.30"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.16"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.31"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.13"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.26"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.18"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.22"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.12"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.16"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.13"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.19"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.17"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.14"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.7"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.24"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.10"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.9"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.32"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.10"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.28"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.9"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.21"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.14"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.33"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.6"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "6.0.11"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/i",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "05-05"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/d",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/h",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/g",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/f",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/d",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/a",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-12"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/e",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/g",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00-06"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/b",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/c",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/d",
            "scope": null,
            "trust": 1.2,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.22"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.34"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.23"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.21"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/a",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/a",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/d",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/c",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/f",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/a",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/c",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/d",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/a",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/c",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/f",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-10-06"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/m",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/b",
            "scope": null,
            "trust": 0.9,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache tomcat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruby",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "the php group",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage list works",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage service integrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "st ard"
          },
          {
            "_id": null,
            "model": "systemwalker software configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker it change manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "enterprise version 6"
          },
          {
            "_id": null,
            "model": "interstage xml business activity recorder",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard-j edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apache",
            "version": "7.x"
          },
          {
            "_id": null,
            "model": "interstage web server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise service bus v6.4 to  v8.4"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "platform"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "smart edition"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apache",
            "version": "6.x"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional for plug-in"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker operation manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker it process master",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "developer v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "none"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "portal v8.2 to  v8.3"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "csview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "/faq navigator  v4    v5"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise v8.2 to  v8.4"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "st ard-r"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "foundation v8.2 to  v8.4"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "sip application server st ard edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "development environment  v6.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "systemwalker desktop inspection",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apache",
            "version": "6.0.35"
          },
          {
            "_id": null,
            "model": "websam storage vmware vcenter plug-in",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v1.1"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "success server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "plus developer / apworks / studio"
          },
          {
            "_id": null,
            "model": "systemwalker service quality coordinator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "uddi registry v1.1 to  v7.1"
          },
          {
            "_id": null,
            "model": "systemwalker runbook automation",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "serverview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "resource orchestrator cloud edition"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard v8.2 to  v8.4"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "base"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional version 6"
          },
          {
            "_id": null,
            "model": "interstage list manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard-j edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "cosminexus primary server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "base"
          },
          {
            "_id": null,
            "model": "interstage business application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "infoframe documentskipper",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v4.1"
          },
          {
            "_id": null,
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "pc security  v1.44 before"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "architect"
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "internet navigware server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "express"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light"
          },
          {
            "_id": null,
            "model": "infoframe documentskipper",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v3.2"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "enterprise"
          },
          {
            "_id": null,
            "model": "websam securemaster",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterpriseidentitymanager ver4.1 all versions up to"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "01"
          },
          {
            "_id": null,
            "model": "interstage application framework suite",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker availability view",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage shunsaku data manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "version 5"
          },
          {
            "_id": null,
            "model": "interstage form coordinator workflow",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "systemwalker service catalog manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v4.1 to  v6.5"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard edition v7.1 to  v8.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "st ard version 6"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light"
          },
          {
            "_id": null,
            "model": "websam securemaster",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterpriseaccessmanager ver5.0 to  ver6.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "st ard"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "light version 6"
          },
          {
            "_id": null,
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "express v8.2 to  v8.4"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apache",
            "version": "7.0.23"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "professional"
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "st ard version 6"
          },
          {
            "_id": null,
            "model": "garoon",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybozu",
            "version": "2.0.0 to  3.1"
          },
          {
            "_id": null,
            "model": "ucosminexus service",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "platform - messaging"
          },
          {
            "_id": null,
            "model": "infoframe documentskipper",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v5.1"
          },
          {
            "_id": null,
            "model": "interstage job workload server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "cobol2002 net server suite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "2.x"
          },
          {
            "_id": null,
            "model": "cobol2002 net client suite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "2.x"
          },
          {
            "_id": null,
            "model": "cobol2002 net developer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "2.x"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/b",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "02-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/i",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/b",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/n",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/f",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/c",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/a",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/g",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/h",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/c",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/a",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/l",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/b",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/h",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-71-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/j",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/e",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/c",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/n",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-71"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/g",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/c",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/h",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10-08"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/i",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/c",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/h",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/g",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-71"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/f",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/o",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/e",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/d",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/f",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/b )",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10-06"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/a",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/h",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/g",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-00-/f",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-03-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "08-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-00-/i",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-09"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/e",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/k",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/e",
            "scope": null,
            "trust": 0.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 06-51-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-02-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-72-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "network node manager i spi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.19"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/c (solari",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-02-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/r",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-72"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli foundations for application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.14"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-c (solaris",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "tivoli key lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-02"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0.23"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.18"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-20"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.22"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.23"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-02-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/o",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-06"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer 06-70-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.30"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus primary server base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-80"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server smart edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.13"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterpris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/a (windows(ip",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform for rhel 4as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.21"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.8"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "cosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus studio 05-00-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "network node manager i spi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.14"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "infosphere guardium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-02-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "cosminexus studio 05-01-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/a linux )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.21"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli netcool/webtop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/c (hp-ux(",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-02-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/q",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-02-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "3.1.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.9"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-72-/g )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.19"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-71"
          },
          {
            "_id": null,
            "model": "tivoli foundations for application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "55"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.13"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-20"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "jboss communications platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus studio 05-05-/q",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional for plug-in",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.1"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.5"
          },
          {
            "_id": null,
            "model": "tivoli netcool performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/a (windows(ip",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.31"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.30"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/q",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-71"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jboss communications platform",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5.1.3"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.4"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-51"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.17"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-12"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-08"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli netcool performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-72(*1)"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/s",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-72-/b )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/o",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.0"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard (solaris(sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.11"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "jboss enterprise web server for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "51.0"
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.2"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.12"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "6.0.35"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.27"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7"
          },
          {
            "_id": null,
            "model": "application manager for smart business",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "security siteprotector system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.9"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.9"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-60"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "cosminexus studio 05-05-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.4.1"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer 06-71-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.16"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.19"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise hp-ux )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform for rhel 4es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise hp-ux )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8"
          },
          {
            "_id": null,
            "model": "tivoli key lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.11"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-02-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/q",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/c (hp-ux(",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.17"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-53"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/g )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "infosphere guardium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.12"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.16"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-72"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.4"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-01"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.9"
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-71-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/q",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.1"
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.24"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-70-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.22"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-05"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.18"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.2"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-05"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/n",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/n",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/g )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.35"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "infosphere guardium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/g (aix",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-50-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.13"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.11"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "network node manager i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.8"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-71"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.15"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise (solaris(sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "08-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.28"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-71-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.34"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.20"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-70-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional 06-70-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.10"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.32"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-72-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.6"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-70"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.15"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.7"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-72(*1)"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli key lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-02-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-50-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-70-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-51-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "65"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-02-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "network node manager i spi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.11"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/o",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-12"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.4.2"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-00-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-00-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-10"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli netcool performance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20"
          },
          {
            "_id": null,
            "model": "ucosminexus application server 06-70-/d (windows",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterpris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "aura system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.7"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard 06-71-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.26"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/b )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/m",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.31"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-72-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-05"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.22"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise 06-71-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-71-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.3"
          },
          {
            "_id": null,
            "model": "cosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-00-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-51-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.33"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-00-10"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-00-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/b (linux(",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-72-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/i",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 06-50-/g",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "cosminexus application server standard )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-50-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.15"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10-01"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-01-/l",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.25"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ucosminexus application server standard 06-70-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-02"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/o",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/h",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "jboss enterprise web server for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "61.0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-20-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-03-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer light 06-71-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/j",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-50-/b )",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server standard 06-51-/b (linux(",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/n",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-10"
          },
          {
            "_id": null,
            "model": "ucosminexus developer standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "06-70"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/a",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-05-/p",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer professional 06-51-/b",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server enterprise 06-51-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus application server 05-00-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-05-/k",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer light 06-50-/d",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.29"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "ucosminexus application server enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "07-50-09"
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "cosminexus developer 05-01-/e",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "infosphere guardium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/c",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.0.28"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "5.5.10"
          },
          {
            "_id": null,
            "model": "geronimo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-01"
          },
          {
            "_id": null,
            "model": "cosminexus developer standard 06-02-/f",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          },
          {
            "db": "BID",
            "id": "51200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:tomcat",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:cognos_business_intelligence",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:cybozu:garoon",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:csview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infocage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infoframe_documentskipper",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:websam_securemaster",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:serverview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:success_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "109328"
          },
          {
            "db": "PACKETSTORM",
            "id": "112907"
          },
          {
            "db": "PACKETSTORM",
            "id": "109270"
          },
          {
            "db": "PACKETSTORM",
            "id": "111782"
          },
          {
            "db": "PACKETSTORM",
            "id": "109274"
          },
          {
            "db": "PACKETSTORM",
            "id": "112908"
          },
          {
            "db": "PACKETSTORM",
            "id": "109269"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2011-4858",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-4858",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-4858",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#903934",
                "trust": 0.8,
                "value": "10.80"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-4858",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201201-056",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-4858",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Multiple Hitachi COBOL2002 products have security vulnerabilities that allow attackers to take control of target user systems. No detailed vulnerability details are provided at this time. Apache Tomcat is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03716627\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03716627\nVersion: 1\n\nHPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine,\nRemote Denial of Service (DoS), Access Restriction Bypass, Unauthorized\nModification and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-03-28\nLast Updated: 2013-03-28\n\n- ----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), access restriction\nbypass, unauthorized modification and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache\nrunning Tomcat Servlet Engine. These vulnerabilities could be exploited\nremotely to create a Denial of Service (DoS) or to perform an access\nrestriction bypass, unauthorized modification, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache running Tomcat Servlet Engine\n5.5.35.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2008-5515    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2009-0033    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2009-0580    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2009-0781    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2009-0783    (AV:L/AC:L/Au:N/C:P/I:P/A:P)       4.6\nCVE-2009-2693    (AV:N/AC:M/Au:N/C:N/I:P/A:P)       5.8\nCVE-2009-2902    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2009-3548    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2010-1157    (AV:N/AC:H/Au:N/C:P/I:N/A:N)       2.6\nCVE-2010-2227    (AV:N/AC:L/Au:N/C:P/I:N/A:P)       6.4\nCVE-2010-3718    (AV:L/AC:H/Au:N/C:N/I:P/A:N)       1.2\nCVE-2010-4476    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2011-0013    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2011-1184    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-2204    (AV:L/AC:M/Au:N/C:P/I:N/A:N)       1.9\nCVE-2011-2526    (AV:L/AC:M/Au:N/C:P/I:P/A:P)       4.4\nCVE-2011-2729    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2011-3190    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-4858    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-0022    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2012-5885    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. \nThe updates are available for download from https://h20392.www2.hp.com/portal\n/swdepot/displayProductInfo.do?productNumber=HPUXWST553601\n\nServlet Version\n Depot Name\n\nHP-UX Apache Tomcat Servlet Engine v5.5.36.01\nHP-UX_11.23_HPUXWS22T-B5536-1123.depot\n\nHP-UX_11.31_HPUXWS22T-B5536-1131.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Apache Tomcat Servlet Engine 5.5.36.01 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.36.01 or subsequent\n\nEND AFFECTED VERSION\n\nHISTORY\nVersion:1 (rev.1) - 28 March 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Description:\n\nJBoss Operations Network (JBoss ON) is a middleware management solution\nthat provides a single point of control to deploy, manage, and monitor\nJBoss Enterprise Middleware, applications, and services. The Release\nNotes will be available shortly from\nhttps://docs.redhat.com/docs/en-US/index.html\n\nThe following security issues are also fixed with this release:\n\nJBoss ON did not properly verify security tokens, allowing an unapproved\nagent to connect as an approved agent. As a result,\nthe attacker could retrieve sensitive data about the server the hijacked\nagent was running on, including JMX credentials. (CVE-2012-0052)\n\nJBoss ON sometimes allowed agent registration to succeed when the\nregistration request did not include a security token. This is a feature\ndesigned to add convenience. A remote attacker could use this flaw to\nspoof the identity of an approved agent and pass a null security token,\nallowing them to hijack the approved agent\u0027s session, and steal its\nsecurity token. As a result, the attacker could retrieve sensitive data\nabout the server the hijacked agent was running on, including JMX\ncredentials. (CVE-2011-4858)\n\nMultiple cross-site scripting (XSS) flaws were found in the JBoss ON\nadministration interface. If a remote attacker could trick a user, who was\nlogged into the JBoss ON administration interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user\u0027s JBoss ON session. (CVE-2011-3206)\n\nJBoss ON did not verify that a user had the proper modify resource\npermissions when they attempted to delete a plug-in configuration update\nfrom the group connection properties history. This could allow such a user\nto delete a plug-in configuration update from the audit trail. Note that a\nuser without modify resource permissions cannot use this flaw to make\nconfiguration changes. \nHP Network Node Manager I (NNMi) v9.0X and v9.1X for HP-UX, Linux, Solaris,\nand Windows. \n\nThese hotfixes also apply to the following products and can be applied to all\npatch levels:\n\nHP NNM iSPI for IP QA\nHP NNM iSPI for IP Telephony\nHP NNM SPI for IP Multicast\nHP NNM SPI for MPLS\n\nNNMi Version\n Operating System\n Hotfix\n\n9.00\n HP-UX, Linux, Solaris, and Windows. \n HF-NNMi-9.0xP5-JBoss-20130417\n\n9.10\n HP-UX, Linux, Solaris, and Windows. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm\n\ni386:\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.i386.rpm\n\nx86_64:\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tomcat5-5.5.23-0jpp.31.el5_8.src.rpm\n\ni386:\ntomcat5-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-common-lib-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jasper-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-server-lib-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.i386.rpm\ntomcat5-webapps-5.5.23-0jpp.31.el5_8.i386.rpm\n\nx86_64:\ntomcat5-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-admin-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-common-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-debuginfo-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-server-lib-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8.x86_64.rpm\ntomcat5-webapps-5.5.23-0jpp.31.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux (v. Description:\n\nThe JBoss Communications Platform (JBCP) is an open source VoIP platform\ncertified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as\na high performance core for Service Delivery Platforms (SDPs) and IP\nMultimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence\nof data and video in Next-Generation Intelligent Network (NGIN)\napplications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: tomcat6 security and bug fix update\nAdvisory ID:       RHSA-2012:0681-01\nProduct:           JBoss Enterprise Web Server\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0681.html\nIssue date:        2012-05-21\nCVE Names:         CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 \n                   CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 \n                   CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 \n                   CVE-2012-0022 \n=====================================================================\n\n1. Summary:\n\nAn update for the Apache Tomcat 6 component for JBoss Enterprise Web Server\n1.0.2 that fixes multiple security issues and three bugs is now available\nfrom the Red Hat Customer Portal. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. \n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage. \n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application\u0027s\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user\u0027s request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user\u0027s password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server. \n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858. \n\n3. Solution:\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). \n\nTomcat must be restarted for this update to take effect. \n\n4. Bugs fixed (http://bugzilla.redhat.com/):\n\n717013 - CVE-2011-2204 tomcat: password disclosure vulnerability\n720948 - CVE-2011-2526 tomcat: security manager restrictions bypass\n734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure\n741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication\n750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)\n782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling\n783359 - CVE-2012-0022 tomcat: large number of parameters DoS\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1184.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2204.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2526.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3190.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3375.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4858.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5062.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5063.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5064.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0022.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-6.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=1.0.2\nhttps://issues.jboss.org/browse/JBPAPP-4873\nhttps://issues.jboss.org/browse/JBPAPP-6133\nhttps://issues.jboss.org/browse/JBPAPP-6852\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPunlvXlSAg2UNWIIRAvqnAKCFCNODTaq3A180VLq9ptMsBURTcwCgsJls\nJsG5zbN8j1JMa8din0vPkdw=\n=zajO\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL2002 Products Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47612\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47612/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612\n\nRELEASE DATE:\n2012-01-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47612/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47612/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has reported a vulnerability in some COBOL2002 products,\nwhich can be exploited by malicious users to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          },
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          },
          {
            "db": "BID",
            "id": "51200"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          },
          {
            "db": "PACKETSTORM",
            "id": "121037"
          },
          {
            "db": "PACKETSTORM",
            "id": "109328"
          },
          {
            "db": "PACKETSTORM",
            "id": "112907"
          },
          {
            "db": "PACKETSTORM",
            "id": "109270"
          },
          {
            "db": "PACKETSTORM",
            "id": "122552"
          },
          {
            "db": "PACKETSTORM",
            "id": "111782"
          },
          {
            "db": "PACKETSTORM",
            "id": "109274"
          },
          {
            "db": "PACKETSTORM",
            "id": "112908"
          },
          {
            "db": "PACKETSTORM",
            "id": "108859"
          },
          {
            "db": "PACKETSTORM",
            "id": "109269"
          }
        ],
        "trust": 4.14
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-4858",
            "trust": 3.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#903934",
            "trust": 3.3
          },
          {
            "db": "OCERT",
            "id": "OCERT-2011-003",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "51200",
            "trust": 1.4
          },
          {
            "db": "SECUNIA",
            "id": "48791",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "48790",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "48549",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "54971",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "55115",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "47612",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[ANNOUNCE] 20111228 [SECURITY] APACHE TOMCAT AND THE HASHTABLE COLLISION DOS VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056",
            "trust": 0.6
          },
          {
            "db": "HITACHI",
            "id": "HS12-002",
            "trust": 0.4
          },
          {
            "db": "HITACHI",
            "id": "HS12-019",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "2012",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "121037",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109328",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "112907",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109270",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "122552",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111782",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109274",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "112908",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "108859",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "109269",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          },
          {
            "db": "BID",
            "id": "51200"
          },
          {
            "db": "PACKETSTORM",
            "id": "121037"
          },
          {
            "db": "PACKETSTORM",
            "id": "109328"
          },
          {
            "db": "PACKETSTORM",
            "id": "112907"
          },
          {
            "db": "PACKETSTORM",
            "id": "109270"
          },
          {
            "db": "PACKETSTORM",
            "id": "122552"
          },
          {
            "db": "PACKETSTORM",
            "id": "111782"
          },
          {
            "db": "PACKETSTORM",
            "id": "109274"
          },
          {
            "db": "PACKETSTORM",
            "id": "112908"
          },
          {
            "db": "PACKETSTORM",
            "id": "108859"
          },
          {
            "db": "PACKETSTORM",
            "id": "109269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "id": "VAR-201201-0259",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          }
        ],
        "trust": 0.9790197866666667
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          }
        ]
      },
      "last_update_date": "2026-03-09T21:42:05.809000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Changelog",
            "trust": 0.8,
            "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "title": "HS12-019",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-019/index.html"
          },
          {
            "title": "HS12-003",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-003/index.html"
          },
          {
            "title": "1626697",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697"
          },
          {
            "title": "4034373",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373"
          },
          {
            "title": "NV12-003",
            "trust": 0.8,
            "url": "http://www.nec.co.jp/security-info/secinfo/nv12-003.html"
          },
          {
            "title": "Bug 750521",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
          },
          {
            "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
          },
          {
            "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java1",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
          },
          {
            "title": "Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos"
          },
          {
            "title": "CY12-02-006",
            "trust": 0.8,
            "url": "http://cs.cybozu.co.jp/information/20120224up08.php"
          },
          {
            "title": "interstage_as_201201",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html"
          },
          {
            "title": "HS12-019",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html"
          },
          {
            "title": "HS12-003",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-003/index.html"
          },
          {
            "title": "\u3010iStorage M\u30b7\u30ea\u30fc\u30ba\u3011WebSAM Storage VMware vCenter Plug-inV1.1\u304c\u4f7f\u7528\u3057\u3066\u3044\u308bApache Tomcat\u8106\u5f31\u6027\u554f\u984c\u306e\u5bfe\u51e6\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.support.nec.co.jp/View.aspx?id=3140100906"
          },
          {
            "title": "WebOTX Web\u30b3\u30f3\u30c6\u30ca \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2011-4858\uff09\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "https://www.support.nec.co.jp/View.aspx?id=3010100358"
          },
          {
            "title": "InfoCage PC\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 - \u91cd\u8981\u306a\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.nec.co.jp/cced/infocage/info/pc_security_news120329.html"
          },
          {
            "title": "Patch for Hitachi COBOL2002 product has an unknown vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/8212"
          },
          {
            "title": "Red Hat: Moderate: tomcat6 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120475 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: tomcat5 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120474 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: jbossweb security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120074 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: jbossweb security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120076 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1359-1"
          },
          {
            "title": "Red Hat: Moderate: tomcat5 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120680 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: tomcat6 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120682 - Security Advisory"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2011-4084 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
          },
          {
            "trust": 2.8,
            "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
          },
          {
            "trust": 2.5,
            "url": "http://www.kb.cert.org/vuls/id/903934"
          },
          {
            "trust": 1.7,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
          },
          {
            "trust": 1.7,
            "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0089.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0076.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0078.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0077.html"
          },
          {
            "trust": 1.1,
            "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2012/dsa-2401"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48791"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48790"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/54971"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/55115"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0406.html"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0074.html"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0075.html"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2012-0325.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/51200"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18886"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/48549"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106@apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106%40apache.org%3e"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
          },
          {
            "trust": 0.8,
            "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4858"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu903934"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4858"
          },
          {
            "trust": 0.7,
            "url": "http://secunia.com/advisories/47612/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
          },
          {
            "trust": 0.7,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-4858.html"
          },
          {
            "trust": 0.7,
            "url": "http://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
          },
          {
            "trust": 0.6,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0022.html"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-5063.html"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-2526.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-5064.html"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-1184.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-5062.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
          },
          {
            "trust": 0.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-002/index.html"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "http://tomcat.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://geronimo.apache.org/21x-security-report.html#2.1.xsecurityreport-218"
          },
          {
            "trust": 0.3,
            "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231290\u0026ac.admitted=1332939369059.876444892.492883150"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
          },
          {
            "trust": 0.3,
            "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675356"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675361"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674752"
          },
          {
            "trust": 0.3,
            "url": "http://downloads.avaya.com/css/p8/documents/100160577"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-019/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231290\u0026ac.admitted=1332967060052.876444892.199480143"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03824583"
          },
          {
            "trust": 0.3,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650482"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21654075"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21654242"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651284"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672144"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646446"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21626697"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-4610.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4610"
          },
          {
            "trust": 0.2,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.2,
            "url": "https://docs.redhat.com/docs/en-us/index.html"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-2204.html"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3190.html"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/browse/jbpapp-6133"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/browse/jbpapp-4873"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
          },
          {
            "trust": 0.2,
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/kb/docs/doc-11259"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/399.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2012:0475"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2011-4084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/1359-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/2012/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24901"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
          },
          {
            "trust": 0.1,
            "url": "https://h20392.www2.hp.com/portal"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
          },
          {
            "trust": 0.1,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.1,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-4573.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0052.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0062"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0052"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4573"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3206.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=em\u0026version=2.4.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3206"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2012-0062.html"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0679.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=enterpriseweb.platform\u0026downloadtype=securitypatches\u0026version=5.1.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0738"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3554"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1429"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1483"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4605"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0474.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=communications.platform\u0026downloadtype=distributions"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/browse/jbpapp-6852"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3375.html"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2012-0681.html"
          },
          {
            "trust": 0.1,
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/company/jobs/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/47612/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47612"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858"
          },
          {
            "db": "BID",
            "id": "51200"
          },
          {
            "db": "PACKETSTORM",
            "id": "121037"
          },
          {
            "db": "PACKETSTORM",
            "id": "109328"
          },
          {
            "db": "PACKETSTORM",
            "id": "112907"
          },
          {
            "db": "PACKETSTORM",
            "id": "109270"
          },
          {
            "db": "PACKETSTORM",
            "id": "122552"
          },
          {
            "db": "PACKETSTORM",
            "id": "111782"
          },
          {
            "db": "PACKETSTORM",
            "id": "109274"
          },
          {
            "db": "PACKETSTORM",
            "id": "112908"
          },
          {
            "db": "PACKETSTORM",
            "id": "108859"
          },
          {
            "db": "PACKETSTORM",
            "id": "109269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-0341",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-4858",
            "ident": null
          },
          {
            "db": "BID",
            "id": "51200",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "121037",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109328",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "112907",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109270",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "122552",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "111782",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109274",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "112908",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "108859",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "109269",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001003",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4858",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-12-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "date": "2012-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-0341",
            "ident": null
          },
          {
            "date": "2012-01-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-4858",
            "ident": null
          },
          {
            "date": "2011-12-29T00:00:00",
            "db": "BID",
            "id": "51200",
            "ident": null
          },
          {
            "date": "2013-04-01T15:55:00",
            "db": "PACKETSTORM",
            "id": "121037",
            "ident": null
          },
          {
            "date": "2012-02-02T01:22:48",
            "db": "PACKETSTORM",
            "id": "109328",
            "ident": null
          },
          {
            "date": "2012-05-22T00:22:52",
            "db": "PACKETSTORM",
            "id": "112907",
            "ident": null
          },
          {
            "date": "2012-02-01T02:54:24",
            "db": "PACKETSTORM",
            "id": "109270",
            "ident": null
          },
          {
            "date": "2013-07-25T18:22:00",
            "db": "PACKETSTORM",
            "id": "122552",
            "ident": null
          },
          {
            "date": "2012-04-12T03:11:30",
            "db": "PACKETSTORM",
            "id": "111782",
            "ident": null
          },
          {
            "date": "2012-02-01T02:55:27",
            "db": "PACKETSTORM",
            "id": "109274",
            "ident": null
          },
          {
            "date": "2012-05-22T00:23:56",
            "db": "PACKETSTORM",
            "id": "112908",
            "ident": null
          },
          {
            "date": "2012-01-20T08:20:00",
            "db": "PACKETSTORM",
            "id": "108859",
            "ident": null
          },
          {
            "date": "2012-02-01T02:53:47",
            "db": "PACKETSTORM",
            "id": "109269",
            "ident": null
          },
          {
            "date": "2012-01-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-056",
            "ident": null
          },
          {
            "date": "2012-01-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001003",
            "ident": null
          },
          {
            "date": "2012-01-05T19:55:01.033000",
            "db": "NVD",
            "id": "CVE-2011-4858",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-02-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#903934",
            "ident": null
          },
          {
            "date": "2012-02-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-0341",
            "ident": null
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-4858",
            "ident": null
          },
          {
            "date": "2017-05-23T16:26:00",
            "db": "BID",
            "id": "51200",
            "ident": null
          },
          {
            "date": "2012-01-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-056",
            "ident": null
          },
          {
            "date": "2013-03-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001003",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-4858",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "109270"
          },
          {
            "db": "PACKETSTORM",
            "id": "111782"
          },
          {
            "db": "PACKETSTORM",
            "id": "112908"
          },
          {
            "db": "PACKETSTORM",
            "id": "109269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "Hash table implementations vulnerable to algorithmic complexity attacks",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#903934"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-056"
          }
        ],
        "trust": 0.6
      }
    }