Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-0050 (GCVE-0-2014-0050)
Vulnerability from cvelistv5 – Published: 2014-03-28 19:00 – Updated: 2024-08-06 09:05
VLAI
EPSS
Summary
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
69 references
Date Public
2014-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"name": "JVN#14876762",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14876762/index.html"
},
{
"name": "HPSBGN03329",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"name": "60753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"name": "59184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"name": "DSA-2856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"name": "59039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59039"
},
{
"name": "59185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "58075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58075"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"name": "59187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59187"
},
{
"name": "59041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
},
{
"name": "60475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/r1565143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0110.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"name": "MDVSA-2015:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "59492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59492"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "59500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59500"
},
{
"name": "59183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2014:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"name": "JVNDB-2014-000017",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "USN-2130-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2130-1"
},
{
"name": "65400",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65400"
},
{
"name": "RHSA-2014:0400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
},
{
"name": "59725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59725"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"name": "57915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "59399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59399"
},
{
"name": "[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "58976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58976"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
},
{
"name": "RHSA-2014:0253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0253.html"
},
{
"name": "59232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"name": "20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T07:06:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"name": "JVN#14876762",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14876762/index.html"
},
{
"name": "HPSBGN03329",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"name": "60753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"name": "59184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"name": "DSA-2856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"name": "59039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59039"
},
{
"name": "59185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "58075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58075"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"name": "59187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59187"
},
{
"name": "59041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
},
{
"name": "60475",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/r1565143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0110.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"name": "MDVSA-2015:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "59492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59492"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "59500",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59500"
},
{
"name": "59183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2014:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"name": "JVNDB-2014-000017",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "USN-2130-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2130-1"
},
{
"name": "65400",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65400"
},
{
"name": "RHSA-2014:0400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
},
{
"name": "59725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59725"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"name": "57915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "59399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59399"
},
{
"name": "[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "58976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58976"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
},
{
"name": "RHSA-2014:0253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0253.html"
},
{
"name": "59232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"name": "20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"name": "JVN#14876762",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14876762/index.html"
},
{
"name": "HPSBGN03329",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"name": "60753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60753"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"name": "59184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59184"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"name": "DSA-2856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"name": "59039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59039"
},
{
"name": "59185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59185"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "58075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58075"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"name": "59187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59187"
},
{
"name": "59041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59041"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
},
{
"name": "60475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60475"
},
{
"name": "http://svn.apache.org/r1565143",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/r1565143"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0110.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0110.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html",
"refsource": "MISC",
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"name": "MDVSA-2015:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "59492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59492"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "59500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59500"
},
{
"name": "59183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59183"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2014:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0252.html"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"name": "JVNDB-2014-000017",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "USN-2130-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2130-1"
},
{
"name": "65400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65400"
},
{
"name": "RHSA-2014:0400",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
},
{
"name": "59725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59725"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"name": "57915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57915"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "59399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59399"
},
{
"name": "[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "58976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58976"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
},
{
"name": "RHSA-2014:0253",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0253.html"
},
{
"name": "59232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59232"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"name": "20140625 NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"name": "GLSA-202107-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0050",
"datePublished": "2014-03-28T19:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-0050",
"date": "2026-05-29",
"epss": "0.92712",
"percentile": "0.99762"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0050\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-01T06:27:51.373\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions.\"},{\"lang\":\"es\",\"value\":\"MultipartStream.java en Apache Commons FileUpload anterior a 1.3.1, utilizado en Apache Tomcat, JBoss Web y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de una cabecera Content-Type manipulada que evade las condiciones de salida del bucle.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2141D8D6-1899-49A2-85C7-4E1ACA411663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:12.0in:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98176890-C14E-4E0F-878D-8B7CDDF36389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31C4B61-0A82-4ADC-8DE3-E291B06694AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DDCBCD1-583C-4039-AFA3-0136F9E8F46D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5D95173-F331-4886-A312-2122B74A28FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6953917-DD9F-40DE-A9B2-0D3464F7864B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BDD825-2CC8-4164-A895-5AC00F122F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_applications:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1D695F-15EF-4CDE-98C4-91E9D3D5188A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3\",\"matchCriteriaId\":\"BD5CFCD3-1E1E-4A9E-B0D8-1DA505BC426A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15B6651-DC03-4403-BA24-847509A818C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7E0CBD8-A3CA-46D2-92ED-FBD3E0B34984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EAAFFAF-4570-4520-A204-03CA6B25CEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419F6EC-7A3D-483E-8331-8BAC8546F294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C5F883-306F-4CEE-A56F-5B697962AB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6318E461-47A6-40F5-ACB6-A5B7DD19CCA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E8FF71D-4710-4FBB-9925-A6A26C450F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7144EDDF-8265-4642-8EEB-ED52527E0A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D850EA-E537-42C8-93B9-96E15CB26747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCAF1EB5-FB34-40FC-96ED-9D073890D8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D395D95B-1F4A-420E-A0F6-609360AF7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5125CC-05F9-4678-90DB-A5C7CD24AE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B904C74-B92E-4EAE-AE6C-78E2B844C3DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8A7333-B4C3-4876-AE01-62F2FD315504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92993E23-D805-407B-8B87-11CEEE8B212F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A11BD74-305C-41E2-95B1-5008EEF5FA5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"595442D0-9DB7-475A-AE30-8535B70E122E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0BA92A-0BD3-4CE4-9465-95E949104BAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C947E549-2459-4AFB-84A7-36BDA30B5F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4693BD36-E522-4C8E-9667-8F3E14A05EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0110.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://jvn.jp/en/jp/JVN14876762/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0252.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0253.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0400.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57915\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/58075\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/58976\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59039\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59041\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59183\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59184\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59185\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59187\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59232\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59399\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59492\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59500\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59725\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60475\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60753\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/r1565143\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21669554\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675432\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676091\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676092\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676401\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676403\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676405\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676410\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676656\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676853\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677691\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677724\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21681214\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2856\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/532549/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/65400\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2130-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0007.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1062337\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-39\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://jvn.jp/en/jp/JVN14876762/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0252.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0253.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0400.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/r1565143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21669554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676403\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21681214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/532549/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/65400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2130-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1062337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"The previous CVSS assessment ( Base Score: 5.0 - AV:N/AC:L/AU:N/C:N/I:N/A:P) was provided at the time of initial analysis based on the best available published information at that time. The score has been updated to reflect the impact to Oracle products per \u003ca href=http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\u003e Oracle Critical Patch Update Advisory - October 2015 \u003c/a\u003e. Other products listed as vulnerable may or may not be similarly impacted.\"}}"
}
}
RHSA-2015:1009
Vulnerability from csaf_redhat - Published: 2015-05-14 15:14 - Updated: 2026-05-14 22:17Summary
Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 update
Severity
Important
Notes
Topic: Red Hat JBoss Portal 6.2.0, which fixes multiple security issues and
various bugs, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Red Hat JBoss Portal is the open source implementation of the Java EE suite
of services and Portal services running atop Red Hat JBoss Enterprise
Application Platform.
Details: This release of Red Hat JBoss Portal 6.2.0 serves as a replacement for
Red Hat JBoss BPM Suite 6.1.1, and includes bug fixes and enhancements.
Refer to the Red Hat JBoss BPM Suite 6.2.0 Release Notes for information on
the most significant of these changes. The Release Notes are available at
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Portal/
The following security issues are also fixed with this release,
descriptions of which can be found on the respective CVE pages linked in
the References section.
CVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass
CVE-2013-1624 bouncycastle: TLS CBC padding timing attack
CVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws
handlers
CVE-2013-4286 JBossWeb: multiple content-length header poisoning flaws
CVE-2013-5855 Mojarra JSF2: XSS due to insufficient escaping of
user-supplied content in outputText tags and EL expressions
CVE-2013-7285 XStream: remote code execution due to insecure XML
deserialization
CVE-2014-0005 PicketBox/JBossSX: Security domain authentication
configuration modifiable by application
CVE-2014-0018 JBoss AS Server: Unchecked access to MSC Service Registry
under JSM
CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid
SAML Tokens as valid
CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a
Symmetric EncryptBeforeSigning policy
CVE-2014-0050 JBossWeb: denial of service due to too-small buffer size used
bt MultipartStream
CVE-2014-0058 Red Hat JBoss EAP 6: Plain text password logging
CVE-2014-0059 PicketBox/JBossSX: World readable audit.log file
CVE-2014-0075 JBossWeb: Limited DoS in chunked transfer encoding input
filter
CVE-2014-0086 JBoss RichFaces: remote denial of service via memory
exhaustion
CVE-2014-0093 Red Hat JBoss EAP 6: JSM policy not respected by deployed
applications
CVE-2014-0096 JBossWeb: XXE vulnerability via user supplied XSLTs
CVE-2014-0099 JBossWeb: Request smuggling via malicious content length
header
CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing
feature (oCERT-2014-002)
CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause
OOM errors
CVE-2014-0110 Apache CXF: Large invalid content fills temporary space
CVE-2014-0119 JBossWeb: XML parser hijack by malicious web application
CVE-2014-0193 Netty: DoS via memory exhaustion during data aggregation
CVE-2014-0227 JBossWeb: Limited DoS in chunked transfer encoding input
filter
CVE-2014-0245 GateIn WSRP: Information disclosure via unsafe concurrency
handling in interceptor
CVE-2014-3472 JBoss AS Controller: Invalid EJB caller role check
CVE-2014-3481 JBoss AS JAX RS Integration: Information disclosure via XML
XXE
CVE-2014-3490 RESTEasy: XXE via parameter entities
CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage
CVE-2014-3574 Apache POI: entity expansion (billion laughs) flaw
CVE-2014-3529 Apache POI: XXE flaw
CVE-2014-3577 Apache HttpComponents incomplete fix for CVE-2012-6153
CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file
CVE-2014-4172 Cas-client: Bypass of security constraints via URL parameter
injection
Red Hat would like to thank James Roper of Typesafe for reporting
CVE-2014-0193, CA Technologies for reporting CVE-2014-3472, and Alexander
Papadakis for reporting CVE-2014-3530. The CVE-2013-2133 issue was
discovered by Richard Opalka and Arun Neelicattu of Red Hat, the
CVE-2014-0005 issue was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team, the CVE-2014-0018 issue was discovered by Stuart
Douglas of Red Hat, the CVE-2014-3481 issue was discovered by the Red Hat
JBoss Enterprise Application Platform QE team, the CVE-2014-0075 and
CVE-2014-3490 issues were discovered by David Jorm of Red Hat Product
Security, and the CVE-2014-0093 issue was discovered by Josef Cacek of the
Red Hat JBoss EAP Quality Engineering team.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
5.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
5.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.
4.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests.
5.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user's browser.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other applications deployed on the same system, disclose privileged information, and in certain cases allow arbitrary code execution.
3.6 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
1.9 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.
1.9 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service (excessive memory consumption) on the application server.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.
4.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.
5.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.
3.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.
3.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user.
2.6 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity (XXE) attacks.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
7.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
5.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity (XXE) attacks.
5.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key.
7.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.
4.0 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Portal 6.2
Red Hat / Red Hat JBoss Portal
|
cpe:/a:redhat:jboss_enterprise_portal_platform:6.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
198 references
Acknowledgments
Red Hat Product Security
Florian Weimer
Richard Opalka
Red Hat
Arun Neelicattu
Red Hat JBoss EAP Quality Engineering team
Josef Cacek
Red Hat
Stuart Douglas
Red Hat Product Security
David Jorm
Typesafe
James Roper
CA Technologies
Alexander Papadakis
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Portal 6.2.0, which fixes multiple security issues and\nvarious bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.\n\nRed Hat JBoss Portal is the open source implementation of the Java EE suite\nof services and Portal services running atop Red Hat JBoss Enterprise\nApplication Platform.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Portal 6.2.0 serves as a replacement for\nRed Hat JBoss BPM Suite 6.1.1, and includes bug fixes and enhancements.\nRefer to the Red Hat JBoss BPM Suite 6.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes are available at\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Portal/\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass\n\nCVE-2013-1624 bouncycastle: TLS CBC padding timing attack\n\nCVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws\nhandlers\n\nCVE-2013-4286 JBossWeb: multiple content-length header poisoning flaws\n\nCVE-2013-5855 Mojarra JSF2: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2013-7285 XStream: remote code execution due to insecure XML\ndeserialization\n\nCVE-2014-0005 PicketBox/JBossSX: Security domain authentication\nconfiguration modifiable by application\n\nCVE-2014-0018 JBoss AS Server: Unchecked access to MSC Service Registry\nunder JSM\n\nCVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid\nSAML Tokens as valid\n\nCVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a\nSymmetric EncryptBeforeSigning policy\n\nCVE-2014-0050 JBossWeb: denial of service due to too-small buffer size used\nbt MultipartStream\n\nCVE-2014-0058 Red Hat JBoss EAP 6: Plain text password logging\n\nCVE-2014-0059 PicketBox/JBossSX: World readable audit.log file\n\nCVE-2014-0075 JBossWeb: Limited DoS in chunked transfer encoding input\nfilter\n\nCVE-2014-0086 JBoss RichFaces: remote denial of service via memory\nexhaustion\n\nCVE-2014-0093 Red Hat JBoss EAP 6: JSM policy not respected by deployed\napplications\n\nCVE-2014-0096 JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0099 JBossWeb: Request smuggling via malicious content length\nheader\n\nCVE-2014-0107 Xalan-Java: insufficient constraints in secure processing\nfeature (oCERT-2014-002)\n\nCVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause\nOOM errors\n\nCVE-2014-0110 Apache CXF: Large invalid content fills temporary space\n\nCVE-2014-0119 JBossWeb: XML parser hijack by malicious web application\n\nCVE-2014-0193 Netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 JBossWeb: Limited DoS in chunked transfer encoding input\nfilter\n\nCVE-2014-0245 GateIn WSRP: Information disclosure via unsafe concurrency\nhandling in interceptor\n\nCVE-2014-3472 JBoss AS Controller: Invalid EJB caller role check\n\nCVE-2014-3481 JBoss AS JAX RS Integration: Information disclosure via XML\nXXE\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3574 Apache POI: entity expansion (billion laughs) flaw\n\nCVE-2014-3529 Apache POI: XXE flaw\n\nCVE-2014-3577 Apache HttpComponents incomplete fix for CVE-2012-6153\n\nCVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file\n\nCVE-2014-4172 Cas-client: Bypass of security constraints via URL parameter\ninjection\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, CA Technologies for reporting CVE-2014-3472, and Alexander\nPapadakis for reporting CVE-2014-3530. The CVE-2013-2133 issue was\ndiscovered by Richard Opalka and Arun Neelicattu of Red Hat, the\nCVE-2014-0005 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team, the CVE-2014-0018 issue was discovered by Stuart\nDouglas of Red Hat, the CVE-2014-3481 issue was discovered by the Red Hat\nJBoss Enterprise Application Platform QE team, the CVE-2014-0075 and\nCVE-2014-3490 issues were discovered by David Jorm of Red Hat Product\nSecurity, and the CVE-2014-0093 issue was discovered by Josef Cacek of the\nRed Hat JBoss EAP Quality Engineering team.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1009",
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=distributions",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=distributions"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Portal/",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Portal/"
},
{
"category": "external",
"summary": "908428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908428"
},
{
"category": "external",
"summary": "969924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=969924"
},
{
"category": "external",
"summary": "1049736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049736"
},
{
"category": "external",
"summary": "1051277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051277"
},
{
"category": "external",
"summary": "1052783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783"
},
{
"category": "external",
"summary": "1058454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058454"
},
{
"category": "external",
"summary": "1062337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"category": "external",
"summary": "1063641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641"
},
{
"category": "external",
"summary": "1063642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063642"
},
{
"category": "external",
"summary": "1065139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065139"
},
{
"category": "external",
"summary": "1067268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268"
},
{
"category": "external",
"summary": "1069921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921"
},
{
"category": "external",
"summary": "1070046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046"
},
{
"category": "external",
"summary": "1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "1080248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248"
},
{
"category": "external",
"summary": "1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "1092783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092783"
},
{
"category": "external",
"summary": "1093526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093526"
},
{
"category": "external",
"summary": "1093527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093527"
},
{
"category": "external",
"summary": "1093529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093529"
},
{
"category": "external",
"summary": "1093530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093530"
},
{
"category": "external",
"summary": "1101303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101303"
},
{
"category": "external",
"summary": "1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "external",
"summary": "1102038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038"
},
{
"category": "external",
"summary": "1103815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815"
},
{
"category": "external",
"summary": "1105242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242"
},
{
"category": "external",
"summary": "1107901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107901"
},
{
"category": "external",
"summary": "1109196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196"
},
{
"category": "external",
"summary": "1112987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987"
},
{
"category": "external",
"summary": "1126687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126687"
},
{
"category": "external",
"summary": "1129074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129074"
},
{
"category": "external",
"summary": "1129916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129916"
},
{
"category": "external",
"summary": "1131350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"category": "external",
"summary": "1138135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138135"
},
{
"category": "external",
"summary": "1138140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138140"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1009.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 update",
"tracking": {
"current_release_date": "2026-05-14T22:17:37+00:00",
"generator": {
"date": "2026-05-14T22:17:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2015:1009",
"initial_release_date": "2015-05-14T15:14:47+00:00",
"revision_history": [
{
"date": "2015-05-14T15:14:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:35:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:17:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Portal 6.2",
"product": {
"name": "Red Hat JBoss Portal 6.2",
"product_id": "Red Hat JBoss Portal 6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Portal"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Florian Weimer"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-6153",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"discovery_date": "2012-11-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1129916"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject\u0027s Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533\n\nThis issue affects the versions of HttpComponents Client and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Virtualization 6. A future update may address this issue.\n\nThis issue did not affect the jakarta-commons-httpclient packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and httpcomponents-client packages as shipped with Red Hat Enterprise Linux 7.\n\nRed Hat JBoss Enterprise Application Platform 4, Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/\n\nFuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-6153"
},
{
"category": "external",
"summary": "RHBZ#1129916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129916"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-6153",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6153"
}
],
"release_date": "2014-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix"
},
{
"cve": "CVE-2013-1624",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2013-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "908428"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: TLS CBC padding timing attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1624"
},
{
"category": "external",
"summary": "RHBZ#908428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/",
"url": "http://www.isg.rhul.ac.uk/tls/"
},
{
"category": "external",
"summary": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
}
],
"release_date": "2013-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: TLS CBC padding timing attack"
},
{
"acknowledgments": [
{
"names": [
"Richard Opalka"
]
},
{
"names": [
"Arun Neelicattu"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-2133",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2013-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "969924"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "WS: EJB3 role restrictions are not applied to jaxws handlers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4 and 5; Red Hat JBoss Enterprise Portal Platform 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2133"
},
{
"category": "external",
"summary": "RHBZ#969924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=969924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2133",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2133"
}
],
"release_date": "2013-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "WS: EJB3 role restrictions are not applied to jaxws handlers"
},
{
"cve": "CVE-2013-4286",
"discovery_date": "2014-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1069921"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: multiple content-length header poisoning flaws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4286"
},
{
"category": "external",
"summary": "RHBZ#1069921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4286"
}
],
"release_date": "2014-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: multiple content-length header poisoning flaws"
},
{
"cve": "CVE-2013-5855",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2014-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1065139"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-5855"
},
{
"category": "external",
"summary": "RHBZ#1065139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-5855",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5855"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5855",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5855"
},
{
"category": "external",
"summary": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/bc-p/6370209",
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/bc-p/6370209"
}
],
"release_date": "2014-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions"
},
{
"cve": "CVE-2013-7285",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2013-12-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1051277"
}
],
"notes": [
{
"category": "description",
"text": "It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: remote code execution due to insecure XML deserialization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-7285"
},
{
"category": "external",
"summary": "RHBZ#1051277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-7285",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-7285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7285"
},
{
"category": "external",
"summary": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html",
"url": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html"
},
{
"category": "external",
"summary": "http://xstream.codehaus.org/security.html",
"url": "http://xstream.codehaus.org/security.html"
},
{
"category": "external",
"summary": "https://securityblog.redhat.com/2014/01/23/java-deserialization-flaws-part-2-xml-deserialization/",
"url": "https://securityblog.redhat.com/2014/01/23/java-deserialization-flaws-part-2-xml-deserialization/"
}
],
"release_date": "2013-12-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "XStream: remote code execution due to insecure XML deserialization"
},
{
"acknowledgments": [
{
"names": [
"Josef Cacek"
],
"organization": "Red Hat JBoss EAP Quality Engineering team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0005",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2014-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1049736"
}
],
"notes": [
{
"category": "description",
"text": "It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other applications deployed on the same system, disclose privileged information, and in certain cases allow arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0005"
},
{
"category": "external",
"summary": "RHBZ#1049736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0005"
}
],
"release_date": "2014-03-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application"
},
{
"acknowledgments": [
{
"names": [
"Stuart Douglas"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0018",
"discovery_date": "2014-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1052783"
}
],
"notes": [
{
"category": "description",
"text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0018"
},
{
"category": "external",
"summary": "RHBZ#1052783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018"
}
],
"release_date": "2014-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM"
},
{
"cve": "CVE-2014-0034",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2014-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1093529"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0034"
},
{
"category": "external",
"summary": "RHBZ#1093529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0034"
}
],
"release_date": "2014-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid"
},
{
"cve": "CVE-2014-0035",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2014-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1093530"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0035"
},
{
"category": "external",
"summary": "RHBZ#1093530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0035"
}
],
"release_date": "2014-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy"
},
{
"cve": "CVE-2014-0050",
"discovery_date": "2014-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1062337"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0050"
},
{
"category": "external",
"summary": "RHBZ#1062337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0050"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050"
}
],
"release_date": "2014-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream"
},
{
"cve": "CVE-2014-0058",
"discovery_date": "2014-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1063641"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP6: Plain text password logging during security audit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0058"
},
{
"category": "external",
"summary": "RHBZ#1063641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0058",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0058"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058"
}
],
"release_date": "2014-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "EAP6: Plain text password logging during security audit"
},
{
"cve": "CVE-2014-0059",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2014-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1063642"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JBossSX/PicketBox: World readable audit.log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0059"
},
{
"category": "external",
"summary": "RHBZ#1063642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063642"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0059"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "JBossSX/PicketBox: World readable audit.log file"
},
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0075",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1072776"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0075"
},
{
"category": "external",
"summary": "RHBZ#1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2014-0086",
"discovery_date": "2014-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1067268"
}
],
"notes": [
{
"category": "description",
"text": "It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service (excessive memory consumption) on the application server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RichFaces: remote denial of service via memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0086"
},
{
"category": "external",
"summary": "RHBZ#1067268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0086",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0086"
}
],
"release_date": "2014-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RichFaces: remote denial of service via memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Josef Cacek"
],
"organization": "Red Hat JBoss EAP Quality Engineering team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0093",
"discovery_date": "2014-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1070046"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "6: JSM policy not respected by deployed applications",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0093"
},
{
"category": "external",
"summary": "RHBZ#1070046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093"
}
],
"release_date": "2014-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "6: JSM policy not respected by deployed applications"
},
{
"cve": "CVE-2014-0096",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1088342"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0096"
},
{
"category": "external",
"summary": "RHBZ#1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs"
},
{
"cve": "CVE-2014-0099",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2014-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1102030"
}
],
"notes": [
{
"category": "description",
"text": "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Request smuggling via malicious content length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0099"
},
{
"category": "external",
"summary": "RHBZ#1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Request smuggling via malicious content length header"
},
{
"cve": "CVE-2014-0107",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2014-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1080248"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Xalan-Java: insufficient constraints in secure processing feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0107"
},
{
"category": "external",
"summary": "RHBZ#1080248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0107",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0107"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107"
},
{
"category": "external",
"summary": "http://www.ocert.org/advisories/ocert-2014-002.html",
"url": "http://www.ocert.org/advisories/ocert-2014-002.html"
}
],
"release_date": "2014-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Xalan-Java: insufficient constraints in secure processing feature"
},
{
"cve": "CVE-2014-0109",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2014-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1093526"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: HTML content posted to SOAP endpoint could cause OOM errors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0109"
},
{
"category": "external",
"summary": "RHBZ#1093526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0109",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0109"
}
],
"release_date": "2014-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: HTML content posted to SOAP endpoint could cause OOM errors"
},
{
"cve": "CVE-2014-0110",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1093527"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: Large invalid content could cause temporary space to fill",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0110"
},
{
"category": "external",
"summary": "RHBZ#1093527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0110",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0110"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0110",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0110"
}
],
"release_date": "2014-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: Large invalid content could cause temporary space to fill"
},
{
"cve": "CVE-2014-0119",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2014-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1102038"
}
],
"notes": [
{
"category": "description",
"text": "It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: XML parser hijack by malicious web application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0119"
},
{
"category": "external",
"summary": "RHBZ#1102038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat/JBossWeb: XML parser hijack by malicious web application"
},
{
"acknowledgments": [
{
"names": [
"James Roper"
],
"organization": "Typesafe"
}
],
"cve": "CVE-2014-0193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-04-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1092783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: DoS via memory exhaustion during data aggregation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0193"
},
{
"category": "external",
"summary": "RHBZ#1092783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0193"
}
],
"release_date": "2014-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: DoS via memory exhaustion during data aggregation"
},
{
"cve": "CVE-2014-0227",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-06-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1109196"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0227"
},
{
"category": "external",
"summary": "RHBZ#1109196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
}
],
"release_date": "2015-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter"
},
{
"cve": "CVE-2014-0245",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2014-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1101303"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "WSRP: Information disclosure via unsafe concurrency handling in interceptor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0245"
},
{
"category": "external",
"summary": "RHBZ#1101303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101303"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0245"
}
],
"release_date": "2015-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "WSRP: Information disclosure via unsafe concurrency handling in interceptor"
},
{
"acknowledgments": [
{
"names": [
"CA Technologies"
]
}
],
"cve": "CVE-2014-3472",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"discovery_date": "2014-05-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1103815"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Security: Invalid EJB caller role check implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3472"
},
{
"category": "external",
"summary": "RHBZ#1103815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3472",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3472"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3472",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3472"
}
],
"release_date": "2014-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Security: Invalid EJB caller role check implementation"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-3481",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1105242"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "JAX-RS: Information disclosure via XML eXternal Entity (XXE)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3481"
},
{
"category": "external",
"summary": "RHBZ#1105242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3481",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3481"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3481",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3481"
}
],
"release_date": "2014-06-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "JAX-RS: Information disclosure via XML eXternal Entity (XXE)"
},
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-3490",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1107901"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: XXE via parameter entities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3490"
},
{
"category": "external",
"summary": "RHBZ#1107901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3490"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3490",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3490"
}
],
"release_date": "2014-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RESTEasy: XXE via parameter entities"
},
{
"cve": "CVE-2014-3529",
"discovery_date": "2014-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1138135"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity (XXE) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-poi: XML eXternal Entity (XXE) flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has determined that CVE-2014-3529 is not exploitable by default in JBoss Portal Platform as provided by Red Hat. This flaw would only be exploitable if the Apache POI library provided by JBoss Portal Platform were used by a custom application to process user-supplied XML documents.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3529"
},
{
"category": "external",
"summary": "RHBZ#1138135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3529"
}
],
"release_date": "2014-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-poi: XML eXternal Entity (XXE) flaw"
},
{
"acknowledgments": [
{
"names": [
"Alexander Papadakis"
]
}
],
"cve": "CVE-2014-3530",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1112987"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PicketLink: XXE via insecure DocumentBuilderFactory usage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw could allow remote, unauthenticated attackers to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. All systems hosting PicketLink applications using SAML Identity Providers and Service Providers may be affected. It is strongly advised that anyone running an affected system applies patches to address this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3530"
},
{
"category": "external",
"summary": "RHBZ#1112987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3530",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3530"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530"
}
],
"release_date": "2014-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "PicketLink: XXE via insecure DocumentBuilderFactory usage"
},
{
"cve": "CVE-2014-3574",
"discovery_date": "2014-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1138140"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-poi: entity expansion (billion laughs) flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has determined that CVE-2014-3574 is not exploitable by default in JBoss Portal Platform as provided by Red Hat. This flaw would only be exploitable if the Apache POI library provided by JBoss Portal Platform were used by a custom application to process user-supplied XML documents.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3574"
},
{
"category": "external",
"summary": "RHBZ#1138140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138140"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3574"
}
],
"release_date": "2014-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-poi: entity expansion (billion laughs) flaw"
},
{
"cve": "CVE-2014-3577",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"discovery_date": "2014-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1129074"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject\u0027s Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533\n\nThis issue affects the versions of HttpComponents Client as shipped with Red Hat JBoss Data Grid 6 and Red Hat JBoss Data Virtualization 6; and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Grid 6 and JBoss Data Virtualization 6. A future update may address this issue.\n\nRed Hat JBoss Enterprise Application Platform 4, Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/\n\nFuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3577"
},
{
"category": "external",
"summary": "RHBZ#1129074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129074"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3577"
}
],
"release_date": "2014-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix"
},
{
"cve": "CVE-2014-3586",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2014-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1126687"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user\u0027s home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CLI: Insecure default permissions on history file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3586"
},
{
"category": "external",
"summary": "RHBZ#1126687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3586"
}
],
"release_date": "2015-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "CLI: Insecure default permissions on history file"
},
{
"cve": "CVE-2014-4172",
"discovery_date": "2014-08-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1131350"
}
],
"notes": [
{
"category": "description",
"text": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cas-client: Bypass of security constraints via URL parameter injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4172"
},
{
"category": "external",
"summary": "RHBZ#1131350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4172",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4172"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html",
"url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html"
}
],
"release_date": "2014-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cas-client: Bypass of security constraints via URL parameter injection"
},
{
"cve": "CVE-2014-7839",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1165328"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity (XXE) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTeasy: External entities expanded by DocumentProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Web Framework Kit has moved out of maintenance phase and is no longer supported by Red Hat Product Security. This issue is not currently planned to be addressed in any future updates. For additional information, refer to the Red Hat JBoss Middleware Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-7839"
},
{
"category": "external",
"summary": "RHBZ#1165328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165328"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-7839",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-7839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7839"
}
],
"release_date": "2014-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RESTeasy: External entities expanded by DocumentProvider"
},
{
"cve": "CVE-2015-0226",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2015-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191446"
}
],
"notes": [
{
"category": "description",
"text": "It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher\u0027s attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wss4j: Apache WSS4J is vulnerable to Bleichenbacher\u0027s attack (incomplete fix for CVE-2011-2487)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0226"
},
{
"category": "external",
"summary": "RHBZ#1191446",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191446"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0226",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0226"
}
],
"release_date": "2015-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wss4j: Apache WSS4J is vulnerable to Bleichenbacher\u0027s attack (incomplete fix for CVE-2011-2487)"
},
{
"cve": "CVE-2015-0227",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2015-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191451"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wss4j: Apache WSS4J doesn\u0027t correctly enforce the requireSignedEncryptedDataElements property",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Portal 6.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-0227"
},
{
"category": "external",
"summary": "RHBZ#1191451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0227"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0227",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0227"
}
],
"release_date": "2015-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-14T15:14:47+00:00",
"details": "All users of Red Hat JBoss Portal 6.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.2.0.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.",
"product_ids": [
"Red Hat JBoss Portal 6.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1009"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Portal 6.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wss4j: Apache WSS4J doesn\u0027t correctly enforce the requireSignedEncryptedDataElements property"
}
]
}
VAR-201404-0585
Vulnerability from variot - Updated: 2026-03-09 21:05MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56
Description
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.
Resolution
All Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
All Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
References
[ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-29.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Summary
VMware has updated vSphere third party libraries
-
Relevant releases
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Update Manager 5.5 prior to Update 2
VMware ESXi 5.5 without patch ESXi550-201409101-SG
-
Problem Description
a. vCenter Server Apache Struts Update
The Apache Struts library is updated to address a security issue.
This issue may lead to remote code execution after authentication.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-0114 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and
CVE-2014-0050 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
c. Update to ESXi glibc package
glibc is updated to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to
these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 any ESXi550-201409101-SG
ESXi 5.1 any Patch Pending
ESXi 5.0 any Patch Pending
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Oracle has documented the CVE identifiers that are addressed in
JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update
Advisory of April 2014.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any not applicable *
vCenter Server 5.0 any not applicable *
vCenter Update Manager 5.5 any 5.5 Update 2
vCenter Update Manager 5.1 any not applicable *
vCenter Update Manager 5.0 any not applicable *
* this product uses the Oracle JRE 1.6.0 family *
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server and Update Manager 5.5u2
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5
Download: https://www.vmware.com/patchmgr/findPatch.portal
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
JRE
Oracle Java SE Critical Patch Update Advisory of April 2014
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- Change log
2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2xa11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also addressed with this release:
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)
It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)
It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.
CVE-2013-2071
A runtime exception in AsyncListener.onComplete() prevents the request from
being recycled. This may expose elements of a previous request to a current
request.
CVE-2013-4322
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount
of data to the server.
For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.
We recommend that you upgrade your tomcat7 packages. This issue was found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager
application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1].
Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes
Credit: This issue was reported to the Apache Software Foundation via JPCERT.
Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory.
References:
- CVE-2009-5028 - Namazu Remote Denial of Service
- CVE-2011-4345 - Namazu Cross-site Scripting
- CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
- CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
- CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2017-5787 - DoS - LINUX VCRM
- CVE-2016-8517 - SIM
- CVE-2016-8516 - SIM
- CVE-2016-8518 - SIM
- CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
- CVE-2016-8515 - Malicious File Upload - Linux VCRM
- CVE-2016-8514 - Information Disclosure - Linux VCRM
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================
- Summary:
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.
- Description:
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Security fixes:
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.
- Solution:
All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429
- References:
https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.
Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0in"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container window",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.1"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux 10.04.lts",
"scope": null,
"trust": 0.3,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.54"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.33"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.32"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.0"
},
{
"_id": null,
"model": "jboss fuse service works",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss enterprise web server el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise web server el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.2"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.6.1"
},
{
"_id": null,
"model": "retail returns management rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail returns management 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "retail central office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail central office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail back office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail back office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "health sciences empirica study",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.3.3"
},
{
"_id": null,
"model": "health sciences empirica inspections",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.1.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.2"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"_id": null,
"model": "application express 1.1-ea",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere message broker for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "websphere extended deployment compute grid",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "websphere extended deployment compute",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "websphere business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1100"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4100"
},
{
"_id": null,
"model": "tivoli remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.21"
},
{
"_id": null,
"model": "support assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.3.2"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.0.4"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.2.3"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.7"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.5"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.2"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.01"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational requirements composer ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.2"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "integration bus for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.02"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8400"
},
{
"_id": null,
"model": "filenet services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "filenet p8 application engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.5"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.4"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.3"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "filenet collaboration services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.122"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.11"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.19"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "usg9580 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9560 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9520 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x8 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x3 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x16 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "espace meeting portal v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10spc500",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8080"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8060"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8030"
},
{
"_id": null,
"model": "antiddos 500-d v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1550"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1520"
},
{
"_id": null,
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "sdn van controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0109-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-05"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-06"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-12"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-11"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-10"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-09"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-08"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-05"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "20"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.3"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1200"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2000"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.10"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.123"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.12"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.110"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"_id": null,
"model": "connections cr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "espace meeting portal v100r001c00spc303",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10l00422",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00sph503",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8000"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.1"
}
],
"sources": [
{
"db": "BID",
"id": "65400"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "126404"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0050",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"description": {
"_id": null,
"data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: December 15, 2014\n Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.56 *\u003e= 6.0.41\n \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[ 2 ] CVE-2012-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[ 3 ] CVE-2012-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[ 4 ] CVE-2012-4431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[ 5 ] CVE-2012-4534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[ 6 ] CVE-2012-5885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[ 7 ] CVE-2012-5886\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[ 8 ] CVE-2012-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[ 9 ] CVE-2013-2067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n VMware has updated vSphere third party libraries\n\n2. Relevant releases\n\n \n VMware vCenter Server 5.5 prior to Update 2\n\n VMware vCenter Update Manager 5.5 prior to Update 2\n\n VMware ESXi 5.5 without patch ESXi550-201409101-SG\n\n\n3. Problem Description\n\n a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue. \n\n This issue may lead to remote code execution after authentication. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-0114 to this issue. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\t Apply Patch\n ============= =======\t=======\t=================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n CVE-2014-0050 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n \n c. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n ESXi 5.5 any ESXi550-201409101-SG\n ESXi 5.1 any Patch Pending\n ESXi 5.0 any Patch Pending\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in \n JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n Advisory of April 2014. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any not applicable *\n vCenter Server 5.0 any not applicable *\n vCenter Update Manager 5.5 any 5.5 Update 2\n vCenter Update Manager 5.1 any not applicable *\n vCenter Update Manager 5.0 any not applicable *\n \n * this product uses the Oracle JRE 1.6.0 family *\n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n \n vCenter Server and Update Manager 5.5u2\n ---------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vsphere\n\n ESXi 5.5\n --------\n Download:\n https://www.vmware.com/patchmgr/findPatch.portal\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\n\n JRE\n ---\n Oracle Java SE Critical Patch Update Advisory of April 2014\n \nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-09-09 VMSA-2014-0008\n Initial security advisory in conjunction with the release of vSphere\n 5.5 Update 2 on 2014-09-09. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. By repeatedly sending a request \n for an authenticated resource while the victim is completing the login \n form, an attacker could inject a request that would be executed using the \n victim\u0027s credentials. \n\nCVE-2013-2071\n\n A runtime exception in AsyncListener.onComplete() prevents the request from \n being recycled. This may expose elements of a previous request to a current \n request. \n\nCVE-2013-4322\n\n When processing a request submitted using the chunked transfer encoding, \n Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount \n of data to the server. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1. \n\nWe recommend that you upgrade your tomcat7 packages. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager\napplication, access to that functionality is limited to authenticated\nadministrators. \nThis issue was reported responsibly to the Apache Software Foundation\nvia JPCERT but an error in addressing an e-mail led to the unintended\nearly disclosure of this issue[1]. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\n- - Apply the appropriate patch\n - Commons FileUpload: http://svn.apache.org/r1565143\n - Tomcat 8: http://svn.apache.org/r1565163\n - Tomcat 7: http://svn.apache.org/r1565169\n- - Limit the size of the Content-Type header to less than 4091 bytes\n\nCredit:\nThis issue was reported to the Apache Software Foundation via JPCERT. \n \n Additionally a build problem with maven was discovered, fixed maven\n packages is also being provided with this advisory. \n\nReferences:\n\n - CVE-2009-5028 - Namazu Remote Denial of Service\n - CVE-2011-4345 - Namazu Cross-site Scripting\n - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2017-5787 - DoS - LINUX VCRM\n - CVE-2016-8517 - SIM\n - CVE-2016-8516 - SIM\n - CVE-2016-8518 - SIM\n - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID: RHSA-2014:0400-03\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date: 2014-04-14\nCVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590). The verification\n of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides\norganizations with a single deployment platform for Java Server Pages (JSP)\nand Java Servlet technologies, PHP, and CGI. It uses a genuine high\nperformance hybrid technology that incorporates the best of the most recent\nOS technologies for processing high volume data, while keeping all the\nreference Java specifications. \n\nApache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to servlets and web applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 2.7
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0050",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN14876762",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-015",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-017",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-016",
"trust": 1.4
},
{
"db": "BID",
"id": "65400",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "127215",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "59232",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59185",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59187",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59039",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59500",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59184",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60475",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59041",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58075",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58976",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59492",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59725",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60753",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57915",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS14-008",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "31615",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126007",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125687",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125109",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126404",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"id": "VAR-201404-0585",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41471650857142855
},
"last_update_date": "2026-03-09T21:05:21.141000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-312",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
},
{
"title": "Amazon Linux AMI: ALAS-2014-344",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
},
{
"title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Shiverino/NPE2223 "
},
{
"title": "cve-2014-0050",
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050 "
},
{
"title": "victims-version-search",
"trust": 0.1,
"url": "https://github.com/adedov/victims-version-search "
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "CDL",
"trust": 0.1,
"url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
},
{
"title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
"trust": 0.1,
"url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
},
{
"trust": 1.4,
"url": "http://jvn.jp/en/jp/jvn14876762/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
},
{
"trust": 1.3,
"url": "http://advisories.mageia.org/mgasa-2014-0110.html"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.2,
"url": "http://svn.apache.org/r1565143"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
},
{
"trust": 1.1,
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57915"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58976"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59232"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59500"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58075"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59187"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59041"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59185"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59492"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65400"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59039"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59725"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59399"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59184"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60475"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60753"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2130-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100179973"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/feb/41"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/jun/151"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
},
{
"trust": 0.3,
"url": "https://launchpad.support.sap.com/#/notes/2629535"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
},
{
"trust": 0.2,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.2,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/shiverino/npe2223"
},
{
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/31615/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2130-1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0149.html"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0109.html"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565163"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565169"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://markmail.org/message/kpfl7ax4el2owb3o"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2081470"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vcops"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com\u003e."
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0242"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1914"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0242"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/patchmgr/findpatch.portal"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vsphere"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"db": "BID",
"id": "65400",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2014-02-06T00:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2014-04-03T14:56:00",
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"date": "2015-03-30T21:20:12",
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"date": "2014-04-14T22:28:46",
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"date": "2014-05-22T01:43:07",
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"date": "2017-02-15T00:39:05",
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"date": "2014-03-13T21:19:37",
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"date": "2014-02-07T04:32:05",
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"date": "2014-05-22T01:44:32",
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"date": "2014-02-10T23:22:06",
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"date": "2014-06-25T21:34:12",
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"date": "2017-01-19T13:56:50",
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"date": "2014-04-08T21:21:55",
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"date": "2014-05-01T02:11:10",
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"date": "2016-11-15T00:42:48",
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"date": "2014-09-11T21:08:01",
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"date": "2014-12-15T20:00:49",
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"date": "2014-04-01T06:27:51.373000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2018-07-12T06:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 0.4
},
"title": {
"_id": null,
"data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
}
}
WID-SEC-W-2026-0915
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-04-15 22:00Summary
Kyocera Drucker: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Kyocera ist ein Hersteller u.a. von Druckern.
Angriff: Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Hardware Appliance
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Kyocera ist ein Hersteller u.a. von Druckern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0915 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0915.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0915 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0915"
},
{
"category": "external",
"summary": "Kyocera-Sicherheitshinweise",
"url": "https://www.kyoceradocumentsolutions.de/de/support/sicherheitsluecken.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2013-0248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0248"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2014-0050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8126"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8472",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8472"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-1000031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000031"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-9842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2017-12652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-37434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40303"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-29469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2024-20952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952"
}
],
"source_lang": "en-US",
"title": "Kyocera Drucker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-15T22:00:00.000+00:00",
"generator": {
"date": "2026-04-16T05:54:14.267+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0915",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "2",
"summary": "Anpassung CVSS"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "3",
"summary": "Erg\u00e4nzung von Kyocera bereitgestellter Informationen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "TASKalfa",
"product": {
"name": "Kyocera Printer TASKalfa",
"product_id": "T029668",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:taskalfa"
}
}
},
{
"category": "product_version",
"name": "ECOSYS",
"product": {
"name": "Kyocera Printer ECOSYS",
"product_id": "T029669",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:ecosys"
}
}
}
],
"category": "product_name",
"name": "Printer"
}
],
"category": "vendor",
"name": "Kyocera"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0248",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2013-0248"
},
{
"cve": "CVE-2014-0050",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2014-0050"
},
{
"cve": "CVE-2015-8126",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8126"
},
{
"cve": "CVE-2015-8472",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8472"
},
{
"cve": "CVE-2016-1000031",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2016-3092",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3751",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3751"
},
{
"cve": "CVE-2016-9842",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-9842"
},
{
"cve": "CVE-2017-12652",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2017-12652"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-40303",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29469",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2024-20952",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2024-20952"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…