Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-0099 (GCVE-0-2014-0099)
Vulnerability from cvelistv5 – Published: 2014-05-31 10:00 – Updated: 2024-08-06 09:05
VLAI
EPSS
Summary
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
50 references
Date Public
2014-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "59121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59121"
},
{
"name": "RHSA-2015:0765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "59732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59732"
},
{
"name": "59835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59835"
},
{
"name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "MDVSA-2015:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"name": "59849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "67668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67668"
},
{
"name": "MDVSA-2015:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "DSA-3530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "59678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59678"
},
{
"name": "HPSBUX03102",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "MDVSA-2015:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "HPSBUX03150",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"name": "FEDORA-2015-2109",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "59873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030302"
},
{
"name": "HPSBOV03503",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"name": "SSRT101681",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"name": "DSA-3447",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"name": "60729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60729"
},
{
"name": "60793",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60793"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:09:53.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "59121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59121"
},
{
"name": "RHSA-2015:0765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "59732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59732"
},
{
"name": "59835",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59835"
},
{
"name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "MDVSA-2015:052",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0720",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"name": "59849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "67668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67668"
},
{
"name": "MDVSA-2015:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "DSA-3530",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "59678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59678"
},
{
"name": "HPSBUX03102",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "MDVSA-2015:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "HPSBUX03150",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"name": "FEDORA-2015-2109",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "59873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030302",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030302"
},
{
"name": "HPSBOV03503",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"name": "SSRT101681",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"name": "DSA-3447",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"name": "60729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60729"
},
{
"name": "60793",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60793"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2014-0268.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "59121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59121"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "59732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59732"
},
{
"name": "59835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59835"
},
{
"name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "MDVSA-2015:052",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"name": "59849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59849"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "67668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67668"
},
{
"name": "MDVSA-2015:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "DSA-3530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "59678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59678"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "MDVSA-2015:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "HPSBUX03150",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"name": "FEDORA-2015-2109",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "59873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59873"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030302"
},
{
"name": "HPSBOV03503",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"name": "DSA-3447",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"name": "60729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60729"
},
{
"name": "60793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60793"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0099",
"datePublished": "2014-05-31T10:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-0099",
"date": "2026-05-28",
"epss": "0.37857",
"percentile": "0.97278"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0099\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-05-31T11:17:13.297\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de enteros en java/org/apache/tomcat/util/buf/Ascii.java en Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.53 y 8.x anterior a 8.0.4, cuando se opera detr\u00e1s de un proxy inverso, permite a atacantes remotos realizar ataques de contrabando de solicitudes HTTP a trav\u00e9s de una cabecera de longitud de contenido HTTP manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.39\",\"matchCriteriaId\":\"029C1DD4-3B41-47D2-97D2-73A7D3D89817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83BA996F-C770-4E36-8FD8-916EA64E9A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A354C34-A3FE-4B8A-9985-8874A0634BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4871FD1-7F8C-4677-A80B-4A0BBC71DD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AB969A-9ACE-44EF-B2E5-CEC008F47C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"06217215-72E4-4478-BACB-628A0836A645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA810F3F-ADD3-4D3F-9DFC-DBDD87B3079C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B79F2EA-C893-4359-80EC-24AE38D982E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A61429EE-4331-430C-9830-58DCCBCBCB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4945C8C1-C71B-448B-9075-07C6C92599CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED4730B0-2E09-408B-AFD4-FE00F73700FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DE8A8A-7643-4292-BCC1-758AE0940207\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4693BD36-E522-4C8E-9667-8F3E14A05EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF96F96-34DB-4EB3-BF59-11220673FA26\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E8FF71D-4710-4FBB-9925-A6A26C450F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7144EDDF-8265-4642-8EEB-ED52527E0A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D850EA-E537-42C8-93B9-96E15CB26747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCAF1EB5-FB34-40FC-96ED-9D073890D8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D395D95B-1F4A-420E-A0F6-609360AF7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5125CC-05F9-4678-90DB-A5C7CD24AE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B904C74-B92E-4EAE-AE6C-78E2B844C3DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8A7333-B4C3-4876-AE01-62F2FD315504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92993E23-D805-407B-8B87-11CEEE8B212F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A11BD74-305C-41E2-95B1-5008EEF5FA5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"595442D0-9DB7-475A-AE30-8535B70E122E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0BA92A-0BD3-4CE4-9465-95E949104BAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C947E549-2459-4AFB-84A7-36BDA30B5F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D55DF79-F9BE-4907-A4D8-96C4B11189ED\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0268.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://linux.oracle.com/errata/ELSA-2014-0865.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0675.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0720.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0765.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/May/138\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/May/140\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59121\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59678\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59732\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59835\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59849\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59873\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60729\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60793\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1578812\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1578814\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1580473\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21678231\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21680603\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21681528\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3447\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3530\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/532218/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/532221/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/67668\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1030302\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0268.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://linux.oracle.com/errata/ELSA-2014-0865.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0675.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0765.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/May/138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/May/140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59873\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1578812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1578814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1580473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21678231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21680603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21681528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/532218/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/532221/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/67668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2014-AVI-480
Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPOS versions antérieures à 6.6R2 | ||
| ESET | Security | Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2 | ||
| Juniper Networks | N/A | CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6 | ||
| Juniper Networks | Junos Space | Junos Space jusqu'à la version 13.3 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2 | ||
| ESET | Security | Network and Security Manager (NSM) version 2012.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Network and Security Manager (NSM) version 2012.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
},
{
"name": "CVE-2010-3853",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2010-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
},
{
"name": "CVE-2012-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
},
{
"name": "CVE-2012-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
},
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2012-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
},
{
"name": "CVE-2014-4827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2012-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
},
{
"name": "CVE-2010-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
},
{
"name": "CVE-2010-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
},
{
"name": "CVE-2014-7169",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2011-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
},
{
"name": "CVE-2011-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2014-4825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
},
{
"name": "CVE-2010-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
},
{
"name": "CVE-2012-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
},
{
"name": "CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2010-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2012-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
},
{
"name": "CVE-2011-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-4828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2010-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
},
{
"name": "CVE-2012-0831",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2010-2956",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2014-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
},
{
"name": "CVE-2011-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
},
{
"name": "CVE-2014-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2014-6278",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
},
{
"name": "CVE-2012-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
},
{
"name": "CVE-2009-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
},
{
"name": "CVE-2010-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
},
{
"name": "CVE-2012-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
},
{
"name": "CVE-2011-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
},
{
"name": "CVE-2010-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
},
{
"name": "CVE-2014-3091",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2014-11-13T00:00:00",
"last_revision_date": "2014-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-480",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
}
]
}
CERTFR-2014-AVI-513
Vulnerability from certfr_avis - Published: 2014-12-10 - Updated: 2014-12-10
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Algo One versions 4.x et 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Storage Manager versions 6.x et 7.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere DataPower XC10 2.x",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Storage FlashCopy Manager versions 3.x et 4.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2014-6163",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6163"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"name": "CVE-2014-3058",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3058"
},
{
"name": "CVE-2014-6143",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6143"
},
{
"name": "CVE-2014-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
}
],
"initial_release_date": "2014-12-10T00:00:00",
"last_revision_date": "2014-12-10T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-513",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 d\u00e9cembre 2014",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21690128"
}
]
}
CERTFR-2015-AVI-317
Vulnerability from certfr_avis - Published: 2015-07-24 - Updated: 2015-07-24
De multiples vulnérabilités ont été corrigées dans les produits BlueCoat. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Blue Coat HSM Agent pour SafeNet Luna SP",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
},
{
"description": "Management Center",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
},
{
"description": "X-Series XOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
},
{
"description": "IntelligenceCenter",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
},
{
"description": "Director",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
},
{
"description": "Content Analysis System",
"product": {
"name": "N/A",
"vendor": {
"name": "Bluecoat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2014-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0050"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
}
],
"initial_release_date": "2015-07-24T00:00:00",
"last_revision_date": "2015-07-24T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-317",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eBlueCoat\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits BlueCoat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BlueCoat SA100 du 23 juillet 2015",
"url": "https://bto.bluecoat.com/security-advisory/sa100"
}
]
}
CERTFR-2022-AVI-568
Vulnerability from certfr_avis - Published: 2022-06-17 - Updated: 2022-06-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 | ||
| IBM | N/A | IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3 | ||
| IBM | N/A | IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix | ||
| IBM | N/A | IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2013-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2019-17195",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2012-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2018-17196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2013-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2013-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2012-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2022-06-17T00:00:00",
"last_revision_date": "2022-06-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595755"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595739"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595721"
}
]
}
FKIE_CVE-2014-0099
Vulnerability from fkie_nvd - Published: 2014-05-31 11:17 - Updated: 2026-05-06 22:30
Severity
Summary
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "029C1DD4-3B41-47D2-97D2-73A7D3D89817",
"versionEndIncluding": "6.0.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
"matchCriteriaId": "83BA996F-C770-4E36-8FD8-916EA64E9A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "0A354C34-A3FE-4B8A-9985-8874A0634BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "CFE300CC-FD4A-444E-8506-E5E269D0A0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "F50A3EC9-516E-48A7-839B-A73F491B5B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "C4871FD1-7F8C-4677-A80B-4A0BBC71DD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
"matchCriteriaId": "31AB969A-9ACE-44EF-B2E5-CEC008F47C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "06217215-72E4-4478-BACB-628A0836A645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
"matchCriteriaId": "EA810F3F-ADD3-4D3F-9DFC-DBDD87B3079C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "8B79F2EA-C893-4359-80EC-24AE38D982E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "31B3593F-CEDF-423C-90F8-F88EED87DC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7862B2-E1FA-4E16-92CD-8918AB461D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E03BE3-60CC-4415-B993-D0BB00F87A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "48E5E8C3-21AD-4230-B945-AB7DE66307B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "4945C8C1-C71B-448B-9075-07C6C92599CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4730B0-2E09-408B-AFD4-FE00F73700FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DE8A8A-7643-4292-BCC1-758AE0940207",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4752862B-7D26-4285-B8A0-CF082C758353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
"matchCriteriaId": "58EA7199-3373-4F97-9907-3A479A02155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4693BD36-E522-4C8E-9667-8F3E14A05EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "2BBBC5EA-012C-4C5D-A61B-BAF134B300DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A358FDF-C249-4D7A-9445-8B9E7D9D40AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF96F96-34DB-4EB3-BF59-11220673FA26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "81A31CA0-A209-4C49-AA06-C38E165E5B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "0AA563BF-A67A-477D-956A-167ABEF885C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E4670E65-2E11-49A4-B661-57C2F60D411F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8FF71D-4710-4FBB-9925-A6A26C450F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "31002A23-4788-4BC7-AE11-A3C2AA31716D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7144EDDF-8265-4642-8EEB-ED52527E0A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DF06B5C1-B9DD-4673-A101-56E1E593ACDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7D731065-626B-4425-8E49-F708DD457824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D850EA-E537-42C8-93B9-96E15CB26747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "E037DA05-2BEF-4F64-B8BB-307247B6A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "BCAF1EB5-FB34-40FC-96ED-9D073890D8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D395D95B-1F4A-420E-A0F6-609360AF7B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD221BA-0AB6-4972-8AD9-5D37AC07762F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B6565-96CB-4F6A-9A80-C3FB82F30546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3300AFE-49A4-4904-B9A0-5679F09FA01E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5125CC-05F9-4678-90DB-A5C7CD24AE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "1B904C74-B92E-4EAE-AE6C-78E2B844C3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "2C6109D1-BC36-40C5-A02A-7AEBC949BAC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8A7333-B4C3-4876-AE01-62F2FD315504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "92993E23-D805-407B-8B87-11CEEE8B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11BD74-305C-41E2-95B1-5008EEF5FA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "595442D0-9DB7-475A-AE30-8535B70E122E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0BA92A-0BD3-4CE4-9465-95E949104BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "6F944B72-B9EB-4EB8-AEA3-E0D7ADBE1305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD3EB84-2ED2-49D4-8BC9-6398C2E46F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDF6E1A-0DD6-42AB-9510-F6F4B6002C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C947E549-2459-4AFB-84A7-36BDA30B5F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "5D55DF79-F9BE-4907-A4D8-96C4B11189ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en java/org/apache/tomcat/util/buf/Ascii.java en Apache Tomcat anterior a 6.0.40, 7.x anterior a 7.0.53 y 8.x anterior a 8.0.4, cuando se opera detr\u00e1s de un proxy inverso, permite a atacantes remotos realizar ataques de contrabando de solicitudes HTTP a trav\u00e9s de una cabecera de longitud de contenido HTTP manipulada."
}
],
"id": "CVE-2014-0099",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-31T11:17:13.297",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"source": "secalert@redhat.com",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59121"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59678"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59732"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59835"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59849"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59873"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60729"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60793"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/67668"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1030302"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "secalert@redhat.com",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XH5X-J8JF-PCPX
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2025-04-14 21:42
VLAI
Summary
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Details
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-util"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0099"
],
"database_specific": {
"cwe_ids": [
"CWE-113"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T23:02:22Z",
"nvd_published_at": "2014-05-31T11:17:00Z",
"severity": "MODERATE"
},
"details": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
"id": "GHSA-xh5x-j8jf-pcpx",
"modified": "2025-04-14T21:42:27Z",
"published": "2022-05-14T01:10:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/184cdc0d3f03f5737e12d21fff246d7285034597"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/fffd63a3bd3a5475379b7c074820a5463b7663b3"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/990de53ab923c126f7402090a4ca53df4bb80cbd"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"type": "WEB",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59121"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59678"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59732"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59835"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59849"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59873"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60729"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60793"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/67668"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030302"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat"
}
GSD-2014-0099
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0099",
"description": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
"id": "GSD-2014-0099",
"references": [
"https://www.suse.com/security/cve/CVE-2014-0099.html",
"https://www.debian.org/security/2016/dsa-3530",
"https://access.redhat.com/errata/RHSA-2015:1009",
"https://access.redhat.com/errata/RHSA-2015:0765",
"https://access.redhat.com/errata/RHSA-2015:0720",
"https://access.redhat.com/errata/RHSA-2015:0675",
"https://access.redhat.com/errata/RHSA-2015:0235",
"https://access.redhat.com/errata/RHSA-2015:0234",
"https://access.redhat.com/errata/RHSA-2014:1149",
"https://access.redhat.com/errata/RHSA-2014:0895",
"https://access.redhat.com/errata/RHSA-2014:0865",
"https://access.redhat.com/errata/RHSA-2014:0843",
"https://access.redhat.com/errata/RHSA-2014:0842",
"https://access.redhat.com/errata/RHSA-2014:0836",
"https://access.redhat.com/errata/RHSA-2014:0835",
"https://access.redhat.com/errata/RHSA-2014:0834",
"https://access.redhat.com/errata/RHSA-2014:0833",
"https://access.redhat.com/errata/RHSA-2014:0827",
"https://ubuntu.com/security/CVE-2014-0099",
"https://advisories.mageia.org/CVE-2014-0099.html",
"https://alas.aws.amazon.com/cve/html/CVE-2014-0099.html",
"https://linux.oracle.com/cve/CVE-2014-0099.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-0099"
],
"details": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
"id": "GSD-2014-0099",
"modified": "2023-12-13T01:22:44.489847Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2014-0268.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "59121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59121"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "59732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59732"
},
{
"name": "59835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59835"
},
{
"name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "MDVSA-2015:052",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"name": "59849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59849"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "67668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67668"
},
{
"name": "MDVSA-2015:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "DSA-3530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "59678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59678"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "MDVSA-2015:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "HPSBUX03150",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"name": "FEDORA-2015-2109",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "59873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59873"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "1030302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030302"
},
{
"name": "HPSBOV03503",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"name": "DSA-3447",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"name": "60729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60729"
},
{
"name": "60793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60793"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,6.0.40),[7.0.0,7.0.54),[8.0.0,8.0.6)",
"affected_versions": "All versions before 6.0.40, all versions starting from 7.0.0 before 7.0.54, all versions starting from 8.0.0 before 8.0.6",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-189",
"CWE-937"
],
"date": "2022-08-16",
"description": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
"fixed_versions": [
"6.0.40",
"7.0.54",
"8.0.6"
],
"identifier": "CVE-2014-0099",
"identifiers": [
"GHSA-xh5x-j8jf-pcpx",
"CVE-2014-0099"
],
"not_impacted": "All versions starting from 6.0.40 before 7.0.0, all versions starting from 7.0.54 before 8.0.0, all versions starting from 8.0.6",
"package_slug": "maven/org.apache.tomcat/tomcat",
"pubdate": "2022-05-14",
"solution": "Upgrade to versions 6.0.40, 7.0.54, 8.0.6 or above.",
"title": "Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
"http://advisories.mageia.org/MGASA-2014-0268.html",
"http://linux.oracle.com/errata/ELSA-2014-0865.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html",
"http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2",
"http://rhn.redhat.com/errata/RHSA-2015-0675.html",
"http://rhn.redhat.com/errata/RHSA-2015-0720.html",
"http://rhn.redhat.com/errata/RHSA-2015-0765.html",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://seclists.org/fulldisclosure/2014/May/138",
"http://seclists.org/fulldisclosure/2014/May/140",
"http://svn.apache.org/viewvc?view=revision\u0026revision=1578812",
"http://svn.apache.org/viewvc?view=revision\u0026revision=1578814",
"http://svn.apache.org/viewvc?view=revision\u0026revision=1580473",
"http://tomcat.apache.org/security-6.html",
"http://tomcat.apache.org/security-7.html",
"http://tomcat.apache.org/security-8.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"http://www.debian.org/security/2016/dsa-3447",
"http://www.debian.org/security/2016/dsa-3530",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://github.com/advisories/GHSA-xh5x-j8jf-pcpx"
],
"uuid": "3456cf6b-d8d4-47aa-b3f4-e56ab337d68d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.39",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0099"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473",
"refsource": "CONFIRM",
"tags": [],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "67668",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/67668"
},
{
"name": "59835",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59835"
},
{
"name": "59873",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59873"
},
{
"name": "59678",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59678"
},
{
"name": "59849",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59849"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "59732",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59732"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "60793",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/60793"
},
{
"name": "60729",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/60729"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
},
{
"name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
},
{
"name": "HPSBUX03150",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "FEDORA-2015-2109",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0268.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "MDVSA-2015:052",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "MDVSA-2015:053",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "MDVSA-2015:084",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "DSA-3530",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"name": "HPSBOV03503",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "DSA-3447",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3447"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"refsource": "CONFIRM",
"tags": [],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"name": "1030302",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1030302"
},
{
"name": "59121",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59121"
},
{
"name": "20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/May/140"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/May/138"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2019-04-15T16:29Z",
"publishedDate": "2014-05-31T11:17Z"
}
}
}
RHSA-2014:0827
Vulnerability from csaf_redhat - Published: 2014-07-02 08:44 - Updated: 2026-01-28 22:38Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: Updated tomcat packages that fix three security issues are now available
for Red Hat Enterprise Linux 7.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.
4.3 ()
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.
2.1 ()
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.
5.8 ()
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
19 references
Acknowledgments
Red Hat Product Security
David Jorm
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0827",
"url": "https://access.redhat.com/errata/RHSA-2014:0827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0827.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-01-28T22:38:09+00:00",
"generator": {
"date": "2026-01-28T22:38:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2014:0827",
"initial_release_date": "2014-07-02T08:44:18+00:00",
"revision_history": [
{
"date": "2014-07-02T08:44:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-02T08:44:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-28T22:38:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-javadoc@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsvc@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@7.0.42-6.el7_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"product": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"product_id": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.42-6.el7_0?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.42-6.el7_0.src",
"product": {
"name": "tomcat-0:7.0.42-6.el7_0.src",
"product_id": "tomcat-0:7.0.42-6.el7_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.42-6.el7_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Client-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Server-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.42-6.el7_0.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src"
},
"product_reference": "tomcat-0:7.0.42-6.el7_0.src",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-lib-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.42-6.el7_0.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"relates_to_product_reference": "7Workstation-optional-7.0.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0075",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1072776"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0075"
},
{
"category": "external",
"summary": "RHBZ#1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-02T08:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0827"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2014-0096",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1088342"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0096"
},
{
"category": "external",
"summary": "RHBZ#1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-02T08:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0827"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs"
},
{
"cve": "CVE-2014-0099",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2014-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1102030"
}
],
"notes": [
{
"category": "description",
"text": "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Request smuggling via malicious content length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0099"
},
{
"category": "external",
"summary": "RHBZ#1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-02T08:44:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0827"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Client-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Client-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7ComputeNode-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7ComputeNode-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Server-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Server-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-0:7.0.42-6.el7_0.src",
"7Workstation-optional-7.0.Z:tomcat-admin-webapps-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-docs-webapp-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-el-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-javadoc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsp-2.2-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-jsvc-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-lib-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-servlet-3.0-api-0:7.0.42-6.el7_0.noarch",
"7Workstation-optional-7.0.Z:tomcat-webapps-0:7.0.42-6.el7_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Request smuggling via malicious content length header"
}
]
}
RHSA-2014:0833
Vulnerability from csaf_redhat - Published: 2014-07-03 17:05 - Updated: 2026-01-28 22:38Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Severity
Moderate
Notes
Topic: An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server
2.0.1 that fixes three security issues is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
All users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat
Customer Portal are advised to apply this update. The Red Hat JBoss Web
Server process must be restarted for the update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.
2.1 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.
5.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.0
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
19 references
Acknowledgments
Red Hat Product Security
David Jorm
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server\n2.0.1 that fixes three security issues is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0833",
"url": "https://access.redhat.com/errata/RHSA-2014:0833"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.0.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.0.1"
},
{
"category": "external",
"summary": "1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0833.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update",
"tracking": {
"current_release_date": "2026-01-28T22:38:10+00:00",
"generator": {
"date": "2026-01-28T22:38:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2014:0833",
"initial_release_date": "2014-07-03T17:05:59+00:00",
"revision_history": [
{
"date": "2014-07-03T17:05:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:35:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-28T22:38:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.0",
"product": {
"name": "Red Hat JBoss Web Server 2.0",
"product_id": "Red Hat JBoss Web Server 2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0075",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1072776"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0075"
},
{
"category": "external",
"summary": "RHBZ#1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:05:59+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0833"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2014-0096",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1088342"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0096"
},
{
"category": "external",
"summary": "RHBZ#1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:05:59+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0833"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs"
},
{
"cve": "CVE-2014-0099",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2014-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1102030"
}
],
"notes": [
{
"category": "description",
"text": "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Request smuggling via malicious content length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0099"
},
{
"category": "external",
"summary": "RHBZ#1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:05:59+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files).",
"product_ids": [
"Red Hat JBoss Web Server 2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0833"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"Red Hat JBoss Web Server 2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Request smuggling via malicious content length header"
}
]
}
RHSA-2014:0834
Vulnerability from csaf_redhat - Published: 2014-07-03 17:01 - Updated: 2026-01-28 22:38Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update
Severity
Moderate
Notes
Topic: Updated tomcat6 packages that fix three security issues and one bug are now
available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5
and 6.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
This update also fixes the following bug:
The tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a
dependency of Red Hat JBoss Web Server 2.0.1, included a build of
commons-dbcp.jar that used an incorrect java package name, causing
applications using this dependency to not function properly. With this
update, the java package name has been corrected. (BZ#1101287)
All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these
updated tomcat6 packages, which contain backported patches to correct these
issues. The Red Hat JBoss Web Server process must be restarted for the
update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.
4.3 ()
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.
2.1 ()
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.
5.8 ()
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
18 references
Acknowledgments
Red Hat Product Security
David Jorm
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat6 packages that fix three security issues and one bug are now\navailable for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5\nand 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nThis update also fixes the following bug:\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a\ndependency of Red Hat JBoss Web Server 2.0.1, included a build of\ncommons-dbcp.jar that used an incorrect java package name, causing\napplications using this dependency to not function properly. With this\nupdate, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat6 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0834",
"url": "https://access.redhat.com/errata/RHSA-2014:0834"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0834.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update",
"tracking": {
"current_release_date": "2026-01-28T22:38:10+00:00",
"generator": {
"date": "2026-01-28T22:38:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2014:0834",
"initial_release_date": "2014-07-03T17:01:15+00:00",
"revision_history": [
{
"date": "2014-07-03T17:01:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-03T17:01:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-28T22:38:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product": {
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_id": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-20_patch_04.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-lib@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_id": "tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.37-29_patch_05.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"product": {
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"product_id": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-20_patch_04.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"product": {
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"product_id": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat6@6.0.37-29_patch_05.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src"
},
"product_reference": "tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server",
"product_id": "5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src"
},
"product_reference": "tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"David Jorm"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2014-0075",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2014-02-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1072776"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0075"
},
{
"category": "external",
"summary": "RHBZ#1072776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:01:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files).\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0834"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter"
},
{
"cve": "CVE-2014-0096",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2014-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1088342"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0096"
},
{
"category": "external",
"summary": "RHBZ#1088342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:01:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files).\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0834"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs"
},
{
"cve": "CVE-2014-0099",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2014-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1102030"
}
],
"notes": [
{
"category": "description",
"text": "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat/JBossWeb: Request smuggling via malicious content length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0099"
},
{
"category": "external",
"summary": "RHBZ#1102030",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
}
],
"release_date": "2014-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-03T17:01:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files).\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0834"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-0:6.0.37-20_patch_04.ep6.el5.src",
"5Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-lib-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-log4j-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-20_patch_04.ep6.el5.noarch",
"5Server-JBEWS-2:tomcat6-webapps-0:6.0.37-20_patch_04.ep6.el5.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-0:6.0.37-29_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-javadoc-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-lib-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-log4j-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.37-29_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat6-webapps-0:6.0.37-29_patch_05.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Tomcat/JBossWeb: Request smuggling via malicious content length header"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…